maurermj08 / efetch

Evidence Fetcher (efetch) is a web-based file explorer, viewer, and analyzer.
Apache License 2.0

Cannot handle multi part EWF files #19

Open cdaly2 opened 5 years ago

cdaly2 commented 5 years ago

I get the following error when uploading an image using the EWF format with more than one file:

[2019-02-10 10:41:10,318] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/Flask-1.0.2-py2.7.egg/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/Flask-1.0.2-py2.7.egg/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/dist-packages/Flask-1.0.2-py2.7.egg/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/dist-packages/Flask-1.0.2-py2.7.egg/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/Flask-1.0.2-py2.7.egg/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/charlie/install/efetch/efetch-master/efetch_server/efetch_app.py", line 50, in home
    pathspec = _helper.pathspec_helper.get_encoded_pathspec(upload_cache_path)
  File "/home/charlie/install/efetch/efetch-master/efetch_server/utils/pathspec_helper.py", line 768, in get_encoded_pathspec
    return JsonPathSpecSerializer.WriteSerialized(PathspecHelper.get_pathspec(pathspec_or_source))
  File "/home/charlie/install/efetch/efetch-master/efetch_server/utils/pathspec_helper.py", line 754, in get_pathspec
    dfvfs_util = DfvfsUtil(pathspec_or_source)
  File "/home/charlie/install/efetch/efetch-master/efetch_server/utils/dfvfs_util.py", line 54, in __init__
    self.base_path_specs = self.get_base_pathspecs(source, interactive)
  File "/home/charlie/install/efetch/efetch-master/efetch_server/utils/dfvfs_util.py", line 855, in get_base_pathspecs
    u'Unable to scan source with error: {0:s}.'.format(exception))
RuntimeError: Unable to scan source with error: Unable to process source path specification with error: 'pyewf_handle_read_buffer: unable to read data. libewf_chunk_data_initialize: invalid chunk data.
libewf_read_io_handle_read_chunk_data: unable to create chunk data. libewf_handle_read_buffer: unable to read chunk data: 148660.'.

The image I used was here: https://www.cfreds.nist.gov/Hacking_Case.html, in particular, https://www.cfreds.nist.gov/images/4Dell%20Latitude%20CPi.E01 and https://www.cfreds.nist.gov/images/4Dell%20Latitude%20CPi.E02

I am using Ubuntu 18.04, downloaded the efetchmaster.zip and installed using the install.sh script. It works fine when the EWF image consists of one file.

maurermj08 commented 5 years ago

This issue is likely caused by a known conflict between libewf2 and libewf. To fix this issue:

$ sudo apt-get remove libewf2
$ sudo apt-get install libewf libewf2=20140608-1

See: https://github.com/log2timeline/plaso/wiki/Troubleshooting-installation-issues#libewf

Please let me know if this fixes your issue. I did a quick test on Ubuntu 18.04 with the image files referenced and I had no issue.

cdaly2 commented 5 years ago

Thanks for this. When I try to uninstall libewf2, it says it is not installed, and when trying to install the second file I get an error message that it does not exist. However, your diagnosis is likely correct, as I had earlier installed the latest version of plaso and so I assume I had a newer version of libewf. I will use the Docker version of efetch, which should solve the issue.