Terminated with exit value 1. Please help.

134 views
Skip to first unread message

chris.mcn...@gmail.com

unread,
May 23, 2017, 10:30:08 AM5/23/17
to bulk_extractor-users
I am a new BE 1.5.5 user and have a question.  I am trying to run BE on an .EO1 file and continue to receive the following error message:

bulk_extractor Scanner terminated with exit value 1.  Please check command syntax:
bulk_extractor -o "F:\2016-405963\Bulk Extractor" "K:\-3 Image\682229-3.EO1"

In the bulk_extractor Scan window, I receive the following error message:

Cannot open: K:\-3 Image\682229-3.EO1: Result too large
libewf_handle_open: unable to open handle using a file IO pool.

I have tried launching BE from the GUI and from command line.  Also, I have successfully used BE with other .EO1 files without any errors or issues.

Any assistance you can provide is greatly appreciated.

Thanks!

Chris

Simson Garfinkel

unread,
May 23, 2017, 10:52:37 AM5/23/17
to bulk_extra...@googlegroups.com, chris.mcn...@gmail.com
Are you using a .EO1 file or a .E01 file? If the file extension is .EO1, as you indicate in your email, please try renaming the file 682229-3.E01 and see if that helps.

I believe that your .E01 file may be corrupt. Try converting it to a raw (.dd) file.



--
You received this message because you are subscribed to the Google Groups "bulk_extractor-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

chris.mcn...@gmail.com

unread,
May 23, 2017, 11:13:17 AM5/23/17
to bulk_extractor-users, chris.mcn...@gmail.com
I am sorry for my typo: I am using an .E01 file.  I have processed it with EnCase and IEF, so I don't think it is a corrupt file.  Thanks for the suggestion though; if I cannot find any other answers for this, I will convert it and try it as a raw file.
To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-users+unsub...@googlegroups.com.

Simson Garfinkel

unread,
May 23, 2017, 1:09:00 PM5/23/17
to bulk_extra...@googlegroups.com, chris.mcn...@gmail.com
Yes, please try and let me know how it goes. It looks like you have found a bug in libewf


----
Sent from my phone.
To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.

chris.mcn...@gmail.com

unread,
May 23, 2017, 1:23:33 PM5/23/17
to bulk_extractor-users, chris.mcn...@gmail.com
Ok.  Thanks.  I have no idea if this helps or not, but for what it is worth, the .E01 file is 2,048,029 KB and the entire image is from .E01 to .EON for a total of 963,340,114 KB.

Chris

chris.mcn...@gmail.com

unread,
May 24, 2017, 9:25:52 AM5/24/17
to bulk_extractor-users, chris.mcn...@gmail.com
Converted the .e01 to .dd overnight and started a bulk_extractor Scan just now.  So far all looks good.  Thanks for the suggestion.  If there is anything I can provide to help troubleshoot the libewf issue, please advise.  This tools is awesome and your help is very much appreciated.


Chris

On Tuesday, May 23, 2017 at 10:09:00 AM UTC-7, SLG wrote:

Simson Garfinkel

unread,
May 24, 2017, 9:57:18 AM5/24/17
to bulk_extra...@googlegroups.com, chris.mcn...@gmail.com
Which version of libewf are you using?

To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.

chris.mcn...@gmail.com

unread,
May 24, 2017, 2:43:35 PM5/24/17
to bulk_extractor-users, chris.mcn...@gmail.com
Honestly, I don't know.  I am using BE v.1.5.5 on a Windows 7 machine.  I have been poking around trying to find the answer to your question and I have no idea.  Can you point me in the right direction?  Yeah, yeah...I know I have that "new guy" smell about me.  But, hey...I am trying my best here.  Thanks, everyone.

Chris

John Lehr

unread,
May 24, 2017, 2:59:31 PM5/24/17
to bulk_extra...@googlegroups.com

Chris, it would be helpful to know what tool (and version of that tool) was used to create the EWF image and what parameters, if any, were used.

To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.


For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "bulk_extractor-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.


For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "bulk_extractor-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.


For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "bulk_extractor-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bulk_extractor-u...@googlegroups.com.

Reply all
Reply to author
Forward
0 new messages