Conversion of disk image from Encase (E01) to Raw format
The problem should be clear from the message
export_handle_open_output: unable to open file: /user/manu/Downloads nps.
i.e. the path and/or filename that you have specified is not valid. First, are you sure your home directory is under /user? The standard Linux location would be /home (although that may be different if you are in a corporate environment), so that if you are trying to save the raw file as nps in your own Downloads directory the full path and filename with extension will probably be something like /home/manu/Downloads/nps.
[The wording of the prompt is unclear, but it appears to actually require a single contiguous target/path/to/filename.ext, not a whitespace separated list like target/path/to file ext]
Or since you are running the ewfexport file from that directory, you can just use . to indicate the current directory i.e.
Target path and filename with extension or - for stdout: ./npsalthough personally I would probably use something like ./nps-2010-emails.raw to make the image's origin more obvious, i.e.
Target path and filename with extension or - for stdout: ./nps-2010-emails.rawRelated videos on Youtube
35 : 04
02 : 49
07 : 44
03 : 26
06 : 44
spaceman_spiff
Updated on September 18, 2022Comments
-
spaceman_spiff over 1 year
I am trying to convert from EnCase to Raw format using instructions given on this page.
The following takes place:
manu@ubuntu:~/Downloads$ ewfexport nps-2010-emails.E01 The program 'ewfexport' is currently not installed. You can install it by typing: sudo apt-get install ewf-tools manu@ubuntu:~/Downloads$ sudo apt-get install ewf-tools [sudo] password for manu: Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: ewf-tools 0 upgraded, 1 newly installed, 0 to remove and 503 not upgraded. Need to get 162 kB of archives. After this operation, 438 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ quantal/universe ewf-tools amd64 20100226-1build2 [162 kB] Fetched 162 kB in 2s (65.7 kB/s) Selecting previously unselected package ewf-tools. (Reading database ... 158500 files and directories currently installed.) Unpacking ewf-tools (from .../ewf-tools_20100226-1build2_amd64.deb) ... Processing triggers for man-db ... Setting up ewf-tools (20100226-1build2) ... manu@ubuntu:~/Downloads$ ewfexport nps-2010-emails.E01 ewfexport 20100226 (libewf 20100226, libuna 20091031, libbfio 20091114, zlib 1.2.3.4, libcrypto 1.0.0, libuuid) Information for export required, please provide the necessary input Export to file format (raw, ewf, smart, ftk, encase1, encase2, encase3, encase4, encase5, encase6, linen5, linen6, ewfx) [raw]: raw Target path and filename with extension or - for stdout: /user/manu/Downloads nps Start export at offset (0 >= value >= 10485760) [0]: 0 Amount of bytes to export (0 >= value >= 10485760) [10485760]: Export started at: Fri Jun 13 02:54:12 2014 This could take a while. Unable to open output. export_handle_open_output: unable to open file: /user/manu/Downloads nps.I had to copy and paste from the terminal,as I am a newbie,I am not allowed to post more than two links or any pictures. This question is very important as it is required for the summer intern I am currently pursuing.
Please help me to understand the intermediate prompt messages and to convert the file from EnCase to Raw format. The Digital Corpus (The EnCase file) is downloaded from Digital Corpora.
-
spaceman_spiff almost 10 yearsthanx, I corrected that but i still did not get what is meant by Start export at offset (0 >= value >= 10485760) [0]: and Amount of bytes to export (0 >= value >= 10485760) [10485760]: what answer am I suppose to give to the above questions ?
-
steeldriver almost 10 yearsYou should really ask your supervisor about that - although I expect you can just accept the default values (which will probably convert the whole image).
