This project extracts and parses interesting files and data from a Windows EWF image.
Python dependencies can be installed with using pip::
$ python3 -m pip install -r requirements.txtYou will also need sleuthkit and libtsk19 installed:
On debian based systems::
# apt-get install sleuthkit libtsk19You can use the -h flag to get help, here is an example of how you'd use this tool:
$ python3 win_ewf_extractor.py -c config/events.yml -o output -f images/Disk_Image.E01This would extract Event Logs from the journals defined in the config/events.yml configuration. More configurations are available in config to match your needs.
Documentation is made using [sphynx](), once the requirements are installed, you can generate it with
cd docs/ && make html && python3 -m http.serverDocumentation will be disponible in your favorite web browser at https://localhost:8000/
Alternatively, you can read the PDF file named doc.pdf.