joachimmetz
commented
5 years ago FYI EWF can be multiple evidence types: disk, memory, optical, logical
Closed aarontp closed 2 years ago
joachimmetz
commented
5 years ago FYI EWF can be multiple evidence types: disk, memory, optical, logical
aarontp
commented
5 years ago Yeah, the intention here would be to support just the E01 disk format to start.
aarontp
commented
2 years ago
We should add a new evidence type for EWF along with pre/post-processors that know how to create a loop device and mount them so that other Tasks besides Plaso can also process them.