How to write a "logical" volume image?

[samicheema]

Hi,

I am using this library for physical drive compression and its working fine. Now, I want to use this library for volume based(logical drives) compression. Can somebody help me in it.

Either I have to update the library or I just have to set the parameters.

Your support in this regard will be highly appreciated.

Thanks & Regards Sami Cheema

[joachimmetz]

From the library point of view both type of storage media are the same. Some EWF files contain metadata that indicate if the contents is a "physical" otherwise a "logical" volume.

[joachimmetz]

Set the media type and media flags appropriate before write to have naive tools correctly detect the content.

https://github.com/libyal/libewf-legacy/blob/master/include/libewf.h.in#L980 https://github.com/libyal/libewf-legacy/blob/master/include/libewf/definitions.h.in#L136 https://github.com/libyal/libewf-legacy/blob/master/include/libewf/definitions.h.in#L147

[samicheema]

Thanks for the response @joachimmetz, I tried to get the volume based imaging, by setting the volume type "logical". But it generates the whole physical drive image instead of a drive wise. Could you please help me in it. Thanks

[joachimmetz]

setting logical or physical is only changing the metadata, you'll also need to store the right data in the EWF files, e.g. instead of /dev/sda (physical) you read /dev/sda1 (logical)

[samicheema]

Please guide me where we can set this? Thanks

[joachimmetz]

Please guide me where we can set this?

You cannot set this in libewf, this out of scope of the library. The library only provides you access to the EWF storage format. What data and how you put into it or get out of it, is up to the application code that uses the library.

[samicheema]

@joachimmetz, I have downloaded this library. Where in libewf-20140608\ewftools\ewfacquire.c did by setting "_option_targetfilename" or "_option_tocfilename" with complete logical drive path could resolve my issue?

[joachimmetz]

ewfacquire is part of the (ewf)tools not "the library".

option_toc_filename is used for the file that contains the table of contents for optical disks. So this it not relevant for storing a volume image in an EWF file.

option_target_filename the resulting EWF file set name. This is needed for both physical and logical images. You'll need this anyway but not specifically for storing a volume image in an EWF file.

what you likely want is similar to: ewfaqcuire -M physical /dev/sda ewfaqcuire -M logical /dev/sda1

[samicheema]

@joachimmetz, thanks for the prompt responses, this resolve my issue.

Just one more question did the "empty-block" and "zero-block" are same thing?

[joachimmetz]

A zero-block is an empty-block filled with 0-byte values

[samicheema]

Alright. Thanks (y)

[joachimmetz]

Question answered, closing issue