Bulk Extractor and E0 Files

[Yaniv]

Does BE support reading segmented E0 files?

the help file says "Support for E01 files compiled in", not quite sure
what this means?

[Simson Garfinkel]

It means you can read them .

sent from my phone. please excuse brevity and spelling errors.

> --
> You received this message because you are subscribed to the Google Groups "aff-discuss" group.
> To post to this group, send email to aff-d...@googlegroups.com.
> To unsubscribe from this group, send email to aff-discuss...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/aff-discuss?hl=en.
>

[Yaniv]

Ok... how does one go about reading them? 

[Dewhirst, Rob]

I am guessing this means you have the libewf installed when you built
BE. Since that supports split E01 you should have no problem?

Just a guess.

It also takes about 10 seconds to test...

[Simson Garfinkel]

bulk_extractor -o outdir filename.E01

 

(it automatically finds the other files.)

 

What happened when you tried this yourself?

[Dewhirst, Rob]

On Thu, Jun 30, 2011 at 9:28 AM, Yaniv <yani...@gmail.com> wrote:
> Ok... how does one go about reading them?

reading them with bulk_extractor or just reading them in general?

bulk_extractor image.E01 -o ./outputdir

If you just want to read them there are many writeups about mounting
E01 files and they are not hard to find. If you are on windows the
free version FTKImager is probably the easiest.

[SLG]

Please review the usage:

bulk_extractor -o outputdir image.E01

The image goes last.

On Jun 30, 2:28 pm, "Dewhirst, Rob" <robdewhi...@gmail.com> wrote: