[How-To] Mount an Expert Witness File with EWFMount

preview_player
Показать описание
Learn how to mount an Expert Witness File in Linux using the tool EWFMount. EWFMount makes disk images in the Expert Witness Format (.E01) able to be accessed like an attached hard disk. Mounting the disk image allows you to use other tools and investigation methods against the data, even if that tool does not support EWF formats.

EWF images are a common file type used by Law Enforcement around the world. EWF has some additional features, such as compression and error checking, that you will not have with RAW (dd) disk images.

010001000100011001010011011000110110100101100101011011100110001101100101
Get more Digital Forensic Science

010100110111010101100010011100110110001101110010011010010110001001100101

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.
  1. DFIRScience
  2. Expert Witness Format
  3. ewfmount
  4. how to load ewf file
  5. ewf file
  6. efwmount
Рекомендации по теме
[How-To] Mount an 0:12:42

[How-To] Mount an Expert Witness File with EWFMount

Forensic Expert Witness 0:01:11

Forensic Expert Witness Report Module - Installation

Advanced mounting of 0:11:07

Advanced mounting of dd & EWF images using ewfmount - Linux Command Line tutorial forensics - 20

Physical Image and 0:09:00

Physical Image and Partition Mounting in Tsurugi Linux

Johnny Depp's team 0:00:39

Johnny Depp's team is Shocked after the Expert starts SPAZZING OUT

The Only Written 0:10:56

The Only Written Eye-Witness Account Of Pompeiis Destruction

Qualifications of a 0:08:54

Qualifications of a Business Valuation Expert Witness

Linux Forensics with 0:42:00

Linux Forensics with Linux - CTF Walkthrough

How to Increase 0:00:51

How to Increase Your Expert Witness Salary

X-Ways Forensics - 0:03:42

X-Ways Forensics - Performing basic disk imaging using the E01 format

Massad Ayoob - 0:00:59

Massad Ayoob - The 3' 2020 Colt Python with Wilson Combat sights

[How-To] Mount Multi-Part 0:05:37

[How-To] Mount Multi-Part Raw Disk Image with FTK Imager

FTK Imager: Mounting 0:02:35

FTK Imager: Mounting / Unmounting images.

A Contractor vs. 0:00:43

A Contractor vs. The Sword in the Stone ('NOISE BOYS' DELETED SCENE)

Ground Slope Negligence 0:01:59

Ground Slope Negligence Investigation, Improper Drain Pipe Issues, Expert Witness Investigation

Upgrading your Expert 0:16:16

Upgrading your Expert Witness Presentations

Basic Disk Forensics 0:26:30

Basic Disk Forensics P2

The Court says 0:28:18

The Court says they cannot compel Jean Mensa to mount the witness box to give evidence

Mastering the Art 0:02:16

Mastering the Art of Expert Witness Testimony - Video Series

Mounting Linux Logical 0:12:24

Mounting Linux Logical Volumes in Forensic Disk Images

Imaging a Hard 0:10:09

Imaging a Hard Drive with FTK Imager Lite

Johnny Depp Court 0:00:12

Johnny Depp Court Case Funny Moments 😂 #shorts #johnnydepp #amberheard

2023 Ohio Mock 0:00:56

2023 Ohio Mock Trial - Witness Testimony #shorts #education

Mitnik's Monthly Brushstrokes 0:06:18

Mitnik's Monthly Brushstrokes - S2 Ep10 - Cross Examine Part 1

Комментарии
Автор

Your voice is so charismatic, it makes it so easier to understand these difficult concepts

stephanieholland
Автор

Very good! A lot of tutorials run commands with out giving an explanation of them. Very beneficial!

hipmatt
Автор

When i do mmls it doesn't show anything?

joshuasnel
Автор

I tried this. 1. When I mount the image it changes the temp directory to root:root (555) even though I set it as username:username prior to the ewmount command. I can still go into the folder and see ewf1. I can fdisk it. I can mmls on it. But when I try to mount the file I can't create the loop even if I use sudo. baffled. You don't show that part in your video.

robertwoodruff
Автор

Very interesting thanks for your tutorial.
Does mounting require more steps if the ewf file is splited ?

Hyazoulephant
Автор

we can use mmls for that e01 at the first place i guess, how to extract files in that image?? like registry

nboi