Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.0 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

ewfacquire()			     LOCAL			  ewfacquire()

NAME
       ewfacquire -- acquires data in the EWF format

SYNOPSIS
       ewfacquire  [-A	codepage]  [-b number_of_sectors] [-B number_of_bytes]
		  [-c compression_values] [-C  case_number]  [-d  digest_type]
		  [-D  description]  [-e  examiner_name]  [-E evidence_number]
		  [-f  format]	[-g   number_of_sectors]   [-l	 log_filename]
		  [-m  media_type]  [-M	 media_flags]  [-N  notes] [-o offset]
		  [-p	  process_buffer_size]	    [-P	     bytes_per_sector]
		  [-r  read_error_retries]  [-S	segment_file_size] [-t target]
		  [-T toc_file]	[-2 secondary_target] [-hqRsuvVwx] source

DESCRIPTION
       ewfacquire is a utility to acquire media	data from a source  and	 store
       it  in  EWF format (Expert Witness Compression Format).	ewfacquire ac-
       quires media data in a format equivalent	to EnCase and FTK imager,  in-
       cluding	meta data. Under Linux,	FreeBSD, NetBSD, OpenBSD, MacOS-X/Dar-
       win ewfacquire supports reading directly	from device  files.  On	 other
       platforms ewfacquire can	convert	a raw (dd) image into the EWF format.

       ewfacquire  is  part of the libewf package.  libewf is a	library	to ac-
       cess the	Expert Witness Compression Format (EWF).

       source the source file(s) or device

       The options are as follows:

       -A codepage
	       the codepage of header section, options:	ascii (default),  win-
	       dows-874,  windows-932,	windows-936, windows-949, windows-950,
	       windows-1250, windows-1251,  windows-1252,  windows-1253,  win-
	       dows-1254,  windows-1255,  windows-1256,	 windows-1257  or win-
	       dows-1258

       -b number_of_sectors
	       the number of sectors to	read at	once (per chunk), options: 16,
	       32, 64 (default), 128, 256, 512,	1024, 2048, 4096, 8192,	 16384
	       or 32768

       -B number_of_bytes
	       the number of bytes to acquire

       -c compression_values
	       specify	the  compression values	as: level or method:level com-
	       pression	method options:	deflate	 (default)  compression	 level
	       options:	none (default),	empty-block, fast or best

       -C case_number
	       the case	number (default	is case_number)

       -d digest_type
	       calculate  additional digest (hash) types besides md5, options:
	       sha1, sha256

       -D description
	       the description (default	is description)

       -e examiner_name
	       the examiner name (default is examiner_name)

       -E evidence_number
	       the evidence number (default is evidence_number)

       -f format
	       the EWF file format to write to,	options: ewf, smart, ftk,  en-
	       case1,  encase2,	 encase3, encase4, encase5, encase6 (default),
	       encase7,	linen5,	linen6,	linen7,	ewfx.

       -g number_of_sectors
	       the number of sectors to	be used	as error granularity

       -h      shows this help

       -l log_filename
	       logs acquiry errors and the digest (hash) to the	log filename

       -m media_type
	       the media type, options:	fixed (default),  removable,  optical,
	       memory

       -M media_flags
	       the media flags,	options: logical, physical (default)

       -N notes
	       the notes (default is notes)

       -o offset
	       the offset to start to acquire (default is 0)

       -p process_buffer_size
	       the process buffer size (default	is the chunk size)

       -P bytes_per_sector
	       the  number  of	bytes per sector (default is 512) (use this to
	       override	the automatic bytes per	sector detection)

       -q      quiet shows minimal status information

       -r read_error_retries
	       the number of retries when a read error occurs (default is 2)

       -R      resume acquiry at a safe	point

       -s      swap byte pairs of the media data (from AB to BA) (use this for
	       big to little endian conversion and vice	versa)

       -S segment_file_size
	       the segment file	size in	bytes (default is 1.4 GiB) (minimum is
	       1.0 MiB,	maximum	is 7.9 EiB for encase6 and encase7 format  and
	       1.9 GiB for other formats)

       -t target
	       the target file (without	extension) to write to (default	is im-
	       age)

       -T toc_file
	       specify	the  file containing the table of contents (TOC) of an
	       optical disc. The TOC file must be in the CUE format.

       -u      unattended mode (disables user interaction)

       -v      verbose output to stderr

       -V      print version

       -w      zero sectors on read error (mimic EnCase	like behavior)

       -x      use the chunk data instead of the buffered read and write func-
	       tions.

       -2 secondary_target
	       the secondary target file (without extension) to	write to

       ewfacquire will read from a file	or device until	it encounters  a  read
       error.  On read error it	will retry the number of retries specified. If
       ewfacquire still	is unable to read and,	if  specified,	it  will  zero
       (wipe)  the  the	 remainder of the number of sectors specified as error
       granularity. If ewfacquire should mimic EnCase it will zero all of sec-
       tors specified as error granularity.

       Empty block compression detects blocks of  sectors  with	 entirely  the
       same byte data and compresses them using	the default compression	level.

       The  encase6 and	encase7	format allows for segment files	greater	than 2
       GiB (2147483648 bytes).

ENVIRONMENT
       None

FILES
       None

EXAMPLES
       ewfacquire can either image devices, (split) RAW	image file(s) or opti-
       cal disc	(split)	RAW image files.  ewfacquire will try to detect	device
       information, but	results	may vary per platform.	In attended mode  (de-
       fault) ewfacquire will ask for the information it requires.

   To image a floppy:
       # ewfacquire /dev/fd0
       ewfacquire 20120805

       Device information:
       Bus type:
       Vendor:				       Y-E DATA
       Model:				       USB-FDU
       Serial:

       Storage media information:
       Type:				       Device
       Media size:			       1.4 MB (1474560 bytes)
       Bytes per sector:		       512

       Information about acquiry required, please provide the necessary	input
       Image path and filename without extension: floppy
       Case number: 1
       Description: Floppy
       Evidence	number:	1.1
       Examiner	name: John D.
       Notes: Just a floppy in my system
       Media type (fixed, removable, optical, memory) [fixed]: removable
       Media characteristics (logical, physical) [logical]:
       Use EWF file format (smart, ftk,	encase1, encase2, encase3, encase4, encase5, encase6, encase7, linen5, linen6, linen7, ewfx) [encase6]:	encase5
       Compression method (deflate) [deflate]:
       Compression level (none,	empty-block, fast, best) [none]:
       Start to	acquire	at offset (0 <=	value <= 1474560) [0]:
       The number of bytes to acquire (0 <= value <= 1474560) [1474560]:
       Evidence	segment	file size in bytes (1.0	MiB <= value <=	1.9 GiB) [1.4 GiB]:
       The number of bytes per sector (1 <= value <= 4294967295) [512]:
       The number of sectors to	read at	once (16, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384,	32768) [64]:
       The number of sectors to	be used	as error granularity (1	<= value <= 64)	[64]:
       The number of retries when a read error occurs (0 <= value <= 255) [2]:
       Zero sectors on read error (mimic EnCase	like behavior) (yes, no) [no]:

       The following information was provided:
       Image path and filename:		       floppy.E01
       Case number:			       1
       Description:			       Floppy
       Evidence	number:			       1.1
       Examiner	name:			       John D.
       Notes:				       Just a floppy in	my system
       Media type:			       removable
       Is physical:			       no
       EWF file	format:			       Encase 5	(.E01)
       Compression method:		       deflate
       Compression level:		       none
       Acquiry start offset:		       0
       Number of bytes to acquire:	       1.4 MiB (1474560	bytes)
       Evidence	segment	file size:	       1.4 GiB (1572864000 bytes)
       Bytes per sector:		       512
       Block size:			       64 sectors
       Error granularity:		       64 sectors
       Retries on read error:		       2
       Zero sectors on read error:	       no

       Continue	acquiry	with these values (yes,	no) [yes]:

       Acquiry started at: Sun Aug  5 11:32:41 2012

       This could take a while.

       Status: at 2%.
	       acquired	32 kB (32768 bytes) of total 1.4 MiB (1474560 bytes).

	     ...

       Status: at 100%.
	       acquired	1.4 MiB	(1474560 bytes)	of total 1.4 MiB (1474560 bytes).
	       completion in 1 second(s) with 1	MiB/s (1474560 bytes/second).

       Acquiry completed at: Sun Aug  5	11:32:42 2012

       Written:	1.4 MiB	(1474560 bytes)	in 1 second(s) with 1 MiB/s (1474560 bytes/second).

       MD5 hash	calculated over	data:	       ae1ce8f5ac079d3ee93f97fe3792bda3

   To convert a	split RAW image	into an	EWF image:
       # ewfacquire usb256.raw.0??
       ewfacquire 20120805

       Storage media information:
       Type:				       RAW image
       Media size:			       262 MB (262144000 bytes)
       Bytes per sector:		       512

	     ...

   To  convert an optical disc RAW image with a	table of contents file into an
   EWF image:
       # ewfacquire -T cdrom.cue cdrom.iso
       ewfacquire 20120805

       Storage media information:
       Type:				       Optical disc RAW	image
       Media size:			       42 MB (42885120 bytes)
       Bytes per sector:		       2048
       Sessions:
	       total number: 2
	       at sector(s): 0 - 20619 number: 20620
	       at sector(s): 20620 - 20939 number: 320

	     ...

DIAGNOSTICS
       Errors, verbose and debug output	are printed  to	 stderr	 when  verbose
       output  -v  is  enabled.	Verbose	and debug output are only printed when
       enabled at compilation.

BUGS
       Please  report  bugs  of	 any  kind  on	the  project  issue   tracker:
       https://github.com/libyal/libewf-legacy/issues

AUTHOR
       These man pages were written by Kees Mastwijk.

       Alterations for distribution have been made by Joachim Metz.

COPYRIGHT
       Copyright 2006-2014, Joachim Metz <joachim.metz@gmail.com>.

       This  is	free software; see the source for copying conditions. There is
       NO warranty; not	even for MERCHANTABILITY or FITNESS FOR	 A  PARTICULAR
       PURPOSE.

SEE ALSO
       ewfacquirestream(1),	ewfexport(1),	  ewfinfo(1),	  ewfmount(1),
       ewfrecover(1), ewfverify(1)

libewf			       January 14, 2023			  ewfacquire()

---

NAME | SYNOPSIS | DESCRIPTION | ENVIRONMENT | FILES | EXAMPLES | DIAGNOSTICS | BUGS | AUTHOR | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ewfacquire&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact