Re: [sleuthkit-users] tsk_recover E01 extraction issues

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Is libewf built into your binaries?  That is, does tsk_recover show ewf images as an available format?  For example, here's my '-i list' output:

$ tsk_recover -i list
Supported image format types:
	raw (Single or split raw file (dd))
	aff (Advanced Forensic Format)
	afd (AFF Multiple File)
	afm (AFF with external metadata)
	afflib (All AFFLIB image formats (including beta ones))
	ewf (Expert Witness format (encase))

--Alex

On Mar 13, 2014, at 18:09 , Brian McHughs <br...@in...> wrote:

> I have an image file (split King.E01, King.E02) that I'm trying to utilize the commandline tsk_recover to extract all allocated files into a specified output directory.
> 
> command I'm running:
> 
> tsk_recover ./King.E01 ./Output
> 
> I get:
> Cannot determine file system type (Sector offset: 0)Files Recovered: 0
> 
> 
> 
> So I updated my command to:
> 
> tsk_recover -f fat ./King.E01 ./Output
> 
> I get:
> 
> 
> Invalid magic value (Not a FATFS file system (magic)) (Sector offset: 0)Files Recovered: 0
> 
> 
> 
> My goal is to simply extract everything in the E01 image files out into the Output directory.  Can anyone please tell me what I'm missing?
> 
> Environment
> 
> MAC: OS X 10.9.1
> 
> thanks,
> 
> Brian McHughs
> 
> 
> br...@in... (email)
> www.indexed.io (web)
> 888.840.0709 x101 (office)
> 303.900.3364 (cell)
> 
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/13534_NeoTech_______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org