libewf
« Back to VersTracker
Description:
Library for support of the Expert Witness Compression Format
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: forensics digital-forensics ewf security imaging
Install: brew install libewf
About:
Libewf is a library and toolset for handling the Expert Witness Compression Format (EWF), commonly used in digital forensics. It enables reading, writing, and converting disk image evidence files created by tools like EnCase and FTK. Its primary value is providing open-source access to proprietary forensic image formats for analysis and preservation.
Key Features:
  • Support for EWF versions E01, Ex01, and L01
  • Case data and hash set extraction capabilities
  • Support for various compression methods including deflate and bzip2
  • Python bindings (pyewf) available for scripting
  • CLI tools for querying and converting images
Use Cases:
  • Mounting E01 forensic images on Linux or macOS for analysis
  • Converting proprietary EWF images to open formats like raw disk images
  • Automating forensic evidence processing via Python scripts
Alternatives:
  • ewf-tools – Libewf is the modern, actively maintained successor to the original 'ewf-tools' (libewf-legacy).
Version History
Detected Version Rev Change Commit
Sep 11, 2025 3:23am 0 VERSION_BUMP 104a626a
« Back to VersTracker  |  Browse Packages  |  About