qkaiser
commented
1 year ago Standard reference documented here: https://github.com/libyal/libewf/blob/main/documentation/Expert%20Witness%20Compression%20Format%20(EWF).asciidoc
Format is made of segments containing sections. We can get to the end offset by browsing through sections.
I didn't find third party extractors so far. What we could do is use ewfexport to translate from ewf to raw data and get other handlers (e.g. extfs, ntfs) pick up chunks from raw.
This is a common disk image format found in the digital forensics domain. Would bring a whole new set of users for unblob if this were added.