LiFTeR: Changes for May 11, 2015
- libewf{,-devel,-tools}-20100226-1.fc21.{i686,x86_64}.rpm and ewftools-20140608-1.fc21.{i686,x86_64}.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
This package contains the Version 1 API for the libewf tools and is needed to build the libewf-20140608 package.
- libewf{,-devel,-python}-20140608-1.fc21.{i686,x86_64}.rpm and ewftools-20140608-1.fc21.{i686,x86_64}.rpm -
Libewf supports Expert Witness Compression Format (EWF) formatted files.
It supports both the SMART (EWF-S01) and EnCase (EWF-E01) format.
Note that beginning with Fedora 19, the tools package is named ewftools to reflect the package name found in those releases of Fedora.
Libewf allows you to read and write EWF files. Recent versions also support the LEV (EWF-L01) format.
Note: Version 20140608 is the latest production of libewf but there is a later version (20141129), an experimental version, in the repository. We have received a report that version 20141129 has a bug and cannot handle split E01 files correctly. The report noted this error in the plaso timeline tool. The bug report is here.
If you wish to install the 20140608 version of libewf, do the following, all as root
rpm -ev $(rpm -qa | grep 'ewf.*20150105*') --nodeps
Then edit /etc/yum.repos.d/cert-forensics-tools.repo so that the beginning of the file looks like the following:
yum -y install {ewftools,libewf-python,libewf}-20140608-2
[forensics]
This will install the last stable version of libewf which fixes the split E01 bug.
name=CERT Forensics Tools Repository
baseurl=http://www.cert.org/forensics/repository/fedora/cert/$releasever/$basearch
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cert-forensics-2016-02-22
gpgcheck=1
proxy=_none_
deltarpm=0
exclude=ewftools* libewf*
Note that when a new version of libewf becomes available, you will need to removed these chnages to /etc/yum.repos.d/cert-forensics-tools.repo. Watch this page for that announcement.