
ewfinfo(1) [debian man page]

ewfinfo 							       LOCAL								   ewfinfo

NAME
     ewfinfo -- show meta data stored in EWF files

SYNOPSIS
     ewfinfo [-A codepage] [-d date_format] [-ehimvV] ewf_files

DESCRIPTION
     ewfinfo is a utility to show meta data stored in EWF files.

     ewfinfo is part of the libewf package. libewf is a library to support the Expert Witness Compression Format (EWF). libewf supports both the SMART format (EWF-S01) and the EnCase format (EWF-E01). libewf currently does not support the Logical Volume format (EWF-L01). EWF-X is an experimental format intended for testing purposes to enhance the EWF format. libewf allows you to read and write media data in the EWF format.

     ewf_files
             the first or the entire set of EWF segment files

     The options are as follows:

     -A codepage
             the codepage of header section, options: ascii (default), windows-874, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258

     -d date_format
             the date format, options: ctime (default), dm (day/month), md (month/day), iso8601

     -e      only show EWF read error information

     -h      shows this help

     -i      only show EWF acquiry information

     -m      only show EWF media information

     -v      verbose output to stderr

     -V      print version

ENVIRONMENT
     None

FILES
     None

EXAMPLES
     # ewfinfo -d dm floppy.E01
     ewfinfo 20090427 (libewf 20090427, libuna 20090427, libbfio 20090426, zlib 1.2.3, libcrypto 0.9.8g, libuuid)

     Acquiry information
             Case number:            1
             Description:            Floppy
             Examiner name:          John D.
             Evidence number:        1.1
             Notes:                  Just a floppy in my system
             Acquiry date:           09/12/2006 10:00:12
             System date:            09/12/2006 10:00:12
             Operating system used:  Linux
             Software version used:  20061209
             Password:               N/A

     EWF information
             File format:            EnCase 5
             Sectors per chunk:      64
             Error granularity:      64
             Compression type:       no compression
             GUID:                   869910fc-e143-4908-9328-afedf4a7be1e

     Media information
             Media type:             removable disk
             Is physical:            no
             Bytes per sector:       512
             Amount of sectors:      2880
             Media size:             1.4 MiB (1474560 bytes)

     Digest hash information
             MD5:                    ae1ce8f5ac079d3ee93f97fe3792bda3

DIAGNOSTICS
     Errors, verbose and debug output are printed to stderr when verbose output -v is enabled. Verbose and debug output are only printed when enabled at compilation.

BUGS
     Please report bugs of any kind to <forensics@hoffmannbv.nl> or on the project website: http://libewf.sourceforge.net/

AUTHOR
     These man pages were written by Kees Mastwijk.

     Alterations for distribution have been made by Joachim Metz.

COPYRIGHT
     Copyright 2006-2009 Kees Mastwijk, Hoffmann Investigations <forensics@hoffmannbv.nl> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO
     ewfacquire(1), ewfacquirestream(1), ewfexport(1), ewfverify(1)

libewf                          October 17, 2009                          libewf
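
The report in EXAMPLES prints its dates as 09/12/2006, which reads as 9 December under -d dm and as 12 September under -d md, so case notes should store them in an unambiguous form. The following is an added example, not part of the libewf man page or project: it assumes the report layout shown in EXAMPLES (section headings ending in "information", one "field: value" pair per line), handles only the dm and md date formats, and uses the hypothetical helper names parse_ewfinfo and check_report.

```python
import re
from datetime import datetime

# Excerpt of the report from the EXAMPLES section (ewfinfo -d dm floppy.E01).
SAMPLE = """\
ewfinfo 20090427 (libewf 20090427, libuna 20090427, libbfio 20090426, zlib 1.2.3, libcrypto 0.9.8g, libuuid)
Acquiry information
    Acquiry date: 09/12/2006 10:00:12
    System date: 09/12/2006 10:00:12
Media information
    Bytes per sector: 512
    Amount of sectors: 2880
    Media size: 1.4 MiB (1474560 bytes)
Digest hash information
    MD5: ae1ce8f5ac079d3ee93f97fe3792bda3
"""

# Only the two slash-separated -d layouts are handled; ctime and iso8601 are not.
DATE_LAYOUTS = {"dm": "%d/%m/%Y %H:%M:%S", "md": "%m/%d/%Y %H:%M:%S"}

def parse_ewfinfo(text, date_format):
    """Parse a report into {section: {field: value}} with dates as ISO 8601."""
    layout = DATE_LAYOUTS[date_format]  # KeyError for an unsupported format
    report, fields = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("information") and ":" not in line:
            fields = report.setdefault(line, {})  # start of a new section
        elif fields is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key.endswith(" date"):
                value = datetime.strptime(value, layout).isoformat()
            fields[key] = value
    return report

def check_report(report):
    """Return inconsistencies in the parsed report worth noting in a case file."""
    problems = []
    media = report.get("Media information", {})
    size = re.search(r"\((\d+) bytes\)", media.get("Media size", ""))
    geometry = [media.get("Bytes per sector", ""), media.get("Amount of sectors", "")]
    if not (size and all(g.isdigit() for g in geometry)
            and int(geometry[0]) * int(geometry[1]) == int(size.group(1))):
        problems.append("media size does not match sector geometry")
    md5 = report.get("Digest hash information", {}).get("MD5", "")
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        problems.append("stored MD5 missing or malformed")
    return problems

if __name__ == "__main__":
    print(parse_ewfinfo(SAMPLE, "dm"), check_report(parse_ewfinfo(SAMPLE, "dm")))
```

The MD5 check only validates the form of the stored digest; recomputing it over the media data is the job of ewfverify(1).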


grokevt-parselog(1)													       grokevt-parselog(1)

NAME
     grokevt-parselog - Parse a Windows event log and generate human-readable output based on message resources stored in a database.

SYNOPSIS
     grokevt-parselog -?|--help

     grokevt-parselog -l database-dir

     grokevt-parselog -m database-dir log-type

     grokevt-parselog [-v] [-H] [-h] [-U] [-u] database-dir log-type

DESCRIPTION
     grokevt-parselog reads a Windows event log (.evt file) and combines that information with message templates and other resources stored in a pre-generated database. This is then printed to stdout in a comma-separated values (CSV) format.

     The database must be created by grokevt-builddb(1).

ARGUMENTS
     database-dir
             This is the directory where the database is stored. Currently, the actual log files from the original system are also stored in this directory tree.

     log-type
             This is the Windows name for the log. By default Windows has the following logs:

                     Application
                     Security
                     System

             But others may have been created by third party software. Use the -l option to print a list of all available log types. (The log names are case-sensitive.)

OPTIONS
     -?      Prints a basic usage statement.

     --help  Same as -?.

     -l      Log list mode. Lists the logs available in the specified database.

     -m      Meta information mode. Lists meta information stored in the header of the specified log file. Does not print any actual log records. (Format of output in this mode is still subject to change.)

     -v      Verbose mode. Prints status messages to stderr, which can be helpful for debugging.

     -h      Prints a header row at the top of the CSV output containing labels for each column. (This is the default behavior.)

     -H      Disables the printing of a header row. This is useful when grokevt-parselog is used in a script.

     -u      Enables the UTF-8 output of some strings. This can be dangerous on terminals that are not configured to support UTF-8.

     -U      Disables the use of UTF-8 for output. Unicode strings are instead converted to UTF-8 first, and then any remaining non-ASCII characters are quoted. (This is the default behavior.)

EXAMPLES
     To list all available log types stored in '~/example.grokevt':

             grokevt-parselog -l ~/example.grokevt

     To read the 'Application' log from the database stored in '~/example.grokevt' and print it to stdout:

             grokevt-parselog ~/example.grokevt Application

     To read the 'System' log from the database stored in '~/example.grokevt' and print it to stdout without a header, and with verbosity turned on:

             grokevt-parselog -v -H ~/example.grokevt System

BUGS
     Probably a few. This script has not been extensively tested with some guest platforms.

     The event log file format is pretty well understood and implemented, but some diabolical wrapped, dirty, or fragmentary logs may not be correctly parsed.

     Unicode support is currently limited. Any suggestions on how to better handle Unicode output would be appreciated.

CREDITS
     Originally written by Jamie French. Converted to Python and extended by Timothy D. Morgan.

     Andreas Schuster has contributed greatly to the understanding of the event log format.

     Copyright (C) 2005-2007 Timothy D. Morgan
     Copyright (C) 2004 Jamie French

LICENSE
     Please see the file "LICENSE" included with this software distribution.

     This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more details.

SEE ALSO
     grokevt(7) grokevt-addlog(1) grokevt-builddb(1) grokevt-dumpmsgs(1) grokevt-findlogs(1) grokevt-ripdll(1)

File Conversion Utilities          20 March 2008          grokevt-parselog(1)