computer forensics, computer forensics expert, mobile phone forensics, expert witness

Inside Out

libewf has relocated

This won't be news to many, but I came across a colleague today who didn't realise that the libewf project has moved home to sourceforge.

Libewf is the only open source implementation of the Expert Witness Format (EWF) file format, which is the de facto standard for storage of forensic disk images. This open source implementation contains numerous utilities, including a faster than LinEn, UNIX based, command line EWF acquisition program, ewfacquire, and a command line validation utility called ewfverify. This latter tool I have found extremely useful in automating the evidence preservation process.

Related news is that Joachim Metz, the creator of libewf has recently released libpff, an open source implementation of the Outlook PST, OST and PAB file formats.