Closed jackdyson1399 closed 3 years ago
joachimmetz
commented
3 years ago Could you please help identify if this is an issue with ewfverify on large images,
@jackdyson1399 you'll have to do most of this yourself, just basic system troubleshooting
jackdyson1399
commented
3 years ago Any guidance on how to troubleshoot would be appreciated please, I am not a skilled Linux user I'm afraid.
My main concern is that the speed has dropped so drastically upon reaching 20%, which I have never seen before. Usually it works perfectly fine.
joachimmetz
commented
3 years ago My main concern is that the speed has dropped so drastically upon reaching 20%
many reasons for this, defective device, USB connectivity issues.
USB 3 connections and compatibility is all correct.
Can you indicate how you confirmed this? Just looking at the cables is not sufficient you'll need to check the bus status of your operating system
Where would I get the system logs?
(1) I'm not your system administrator, I recommend figuring this out yourself and/or taking a course in basic system administration (2) how can you practice forensics without knowing the necessary systems internals?
jackdyson1399
commented
3 years ago I am an intern who has been tasked with a research project the first step of which is to mount the E01 file in Linux. I had very limited prior knowledge to Linux and currently have very limited support, hence why I am reaching out for help from the community. And as you are the Developer I thought you may be able to provide some insight into what may be causing the issue and provide some ways to trouble shoot them.
The HDD is brand new and the caddy and cables are brand new. I looked into checking the bus status of my OS and was directed to the lsusb -v command which showed no errors and it noted that the USB3.0 was being used for my device.
I have also looked into my system logs and cannot find anything of interest relating to my mounted USB device. However, as you will appreciate, there are a lot of logs and it is hard identifying where to look .
joachimmetz
commented
3 years ago I am an intern who has been tasked with a research project the first step of which is to mount the E01 file in Linux. I had very limited prior knowledge to Linux and currently have very limited support,
I strongly recommend to provide such context when you ask the question.
Reaching out to the developer of a user-space application before troubleshooting system level issues, is not the right path to start. I strongly recommend getting some local support first, someone that can help you troubleshoot on your system, before reaching out for community support.
There are many reasons why the ETA can be large / hardware can fail under Linux (or other operating systems), sometimes your hardware is too new for the Linux kernel used by your distro. This issue tracker is for libewf specific issues, not for general Linux troubleshooting. I don't have the bandwidth for that, there is no mythical "community" behind this issue tracker.
So'll close this issue as out of scope. If you have ruled out any standard systems issue and have clear indications that the issue is specific to the software, feel free to append this to this issue and I'll consider reopening.
Hi, I am currently running ewfverify on a 1TB E01 file which is segmented into 2GB chunks. The E01 file is stored on a new 1TB 3.5" 7200RPM Seagate HDD that is connected from a HDD Caddy, via a USB 3.0 cable, to an Ubuntu virtual machine, where the verification is being run.
The verification started at an expected speed (based on my previous attempts), verifying at ~150 MiB/s. However, at about 20% completion, the verification has slowed right down to less than 3 MiB/s and has not increased for the last 24hours. The total verified is increasing, but very slowly and at this current speed, with ewfveryify is saying it will complete in 3 day's time. I have done this in the past and not seen the speed drop this low.
Could you please help identify if this is an issue with ewfverify on large images, or wheteher it is an issue with the hardware or other set up I am using (considering I have done this previous with an equally large sample and have it complete in about a day).