1libewf(3) BSD Library Functions Manual libewf(3)
2
4 libewf.h — Library to read from and write to the Expert Witness Compres‐
5 sion Format (EWF) file format
6
8 library “libewf”
9
11 #include <libewf.h>
12 int8_t
14 libewf_check_file_signature(const char *filename);
15 LIBEWF_HANDLE *
17 libewf_open(char * const filenames[], uint16_t file_amount, uint8_t flags);
18 off_t
20 libewf_seek_offset(LIBEWF_HANDLE *handle, off_t offset);
21 ssize_t
23 libewf_read_buffer(LIBEWF_HANDLE *handle, void *buffer, size_t size);
24 ssize_t
26 libewf_read_random(LIBEWF_HANDLE *handle, void *buffer, size_t size, off_t offset);
27 ssize_t
29 libewf_write_buffer(LIBEWF_HANDLE *handle, void *buffer, size_t size);
30 ssize_t
32 libewf_write_random(LIBEWF_HANDLE *handle, void *buffer, size_t size, off_t offset);
33 ssize_t
35 libewf_write_finalize(LIBEWF_HANDLE *handle);
36 int8_t
38 libewf_close(LIBEWF_HANDLE *handle);
39 int32_t
41 libewf_get_bytes_per_sector(LIBEWF_HANDLE *handle);
42 int32_t
44 libewf_get_amount_of_sectors(LIBEWF_HANDLE *handle);
45 int32_t
47 libewf_get_chunk_size(LIBEWF_HANDLE *handle);
48 int32_t
50 libewf_get_error_granularity(LIBEWF_HANDLE *handle);
51 int8_t
53 libewf_get_compression_level(LIBEWF_HANDLE *handle);
54 int64_t
56 libewf_get_media_size(LIBEWF_HANDLE *handle);
57 int8_t
59 libewf_get_media_type(LIBEWF_HANDLE *handle);
60 int8_t
62 libewf_get_media_flags(LIBEWF_HANDLE *handle);
63 int8_t
65 libewf_get_volume_type(LIBEWF_HANDLE *handle);
66 int8_t
68 libewf_get_format(LIBEWF_HANDLE *handle);
69 int8_t
71 libewf_get_guid(LIBEWF_HANDLE *handle, uint8_t *guid, size_t size);
72 int64_t
74 libewf_get_write_amount_of_chunks(LIBEWF_HANDLE *handle);
75 int8_t
77 libewf_set_media_values(LIBEWF_HANDLE *handle, uint32_t sectors_per_chunk, uint32_t bytes_per_sector);
78 int8_t
80 libewf_set_guid(LIBEWF_HANDLE *handle, uint8_t *guid, size_t size);
81 int8_t
83 libewf_set_write_segment_file_size(LIBEWF_HANDLE *handle, uint32_t segment_file_size);
84 int8_t
86 libewf_set_write_compression_values(LIBEWF_HANDLE *handle, int8_t compression_level, uint8_t compress_empty_block);
87 int8_t
89 libewf_set_write_media_type(LIBEWF_HANDLE *handle, uint8_t media_type, uint8_t volume_type);
90 int8_t
92 libewf_set_write_format(LIBEWF_HANDLE *handle, uint8_t format);
93 int8_t
95 libewf_set_write_input_size(LIBEWF_HANDLE *handle, uint64_t input_write_size);
96 int8_t
98 libewf_set_swap_byte_pairs(LIBEWF_HANDLE *handle, uint8_t swap_byte_pairs);
99 int8_t
101 libewf_parse_header_values(LIBEWF_HANDLE *handle, uint8_t date_format);
102 int8_t
104 libewf_parse_hash_values(LIBEWF_HANDLE *handle);
105 int8_t
107 libewf_add_acquiry_error(LIBEWF_HANDLE *handle, uint64_t sector, uint32_t amount_of_sectors);
108 void
110 libewf_set_notify_values(FILE *stream, uint8_t verbose);
111 When the library was compiled with narrow character support (default) the
113 following functions are available
114 const char *
116 libewf_get_version(void);
117 int8_t
119 libewf_get_header_value(LIBEWF_HANDLE *handle, char *identifier, char *value, size_t length);
120 int8_t
122 libewf_get_header_value_case_number(LIBEWF_HANDLE *handle, char *case_number, size_t length);
123 int8_t
125 libewf_get_header_value_description(LIBEWF_HANDLE *handle, char *description, size_t length);
126 int8_t
128 libewf_get_header_value_examiner_name(LIBEWF_HANDLE *handle, char *examiner_name, size_t length);
129 int8_t
131 libewf_get_header_value_evidence_number(LIBEWF_HANDLE *handle, char *evidence_number, size_t length);
132 int8_t
134 libewf_get_header_value_notes(LIBEWF_HANDLE *handle, char *notes, size_t length);
135 int8_t
137 libewf_get_header_value_acquiry_date(LIBEWF_HANDLE *handle, char *acquiry_date, size_t length);
138 int8_t
140 libewf_get_header_value_system_date(LIBEWF_HANDLE *handle, char *system_date, size_t length);
141 int8_t
143 libewf_get_header_value_acquiry_operating_system(LIBEWF_HANDLE *handle, char *acquiry_operating_system, size_t length);
144 int8_t
146 libewf_get_header_value_acquiry_software_version(LIBEWF_HANDLE *handle, char *acquiry_software_version, size_t length);
147 int8_t
149 libewf_get_header_value_password(LIBEWF_HANDLE *handle, char *password, size_t length);
150 int8_t
152 libewf_get_header_value_compression_type(LIBEWF_HANDLE *handle, char *compression_type, size_t length);
153 int8_t
155 libewf_get_hash_value(LIBEWF_HANDLE *handle, char *identifier, char *value, size_t length);
156 int8_t
158 libewf_set_header_value(LIBEWF_HANDLE *handle, char *identifier, char *value, size_t length);
159 int8_t
161 libewf_set_header_value_case_number(LIBEWF_HANDLE *handle, char *case_number, size_t length);
162 int8_t
164 libewf_set_header_value_description(LIBEWF_HANDLE *handle, char *description, size_t length);
165 int8_t
167 libewf_set_header_value_examiner_name(LIBEWF_HANDLE *handle, char *examiner_name, size_t length);
168 int8_t
170 libewf_set_header_value_evidence_number(LIBEWF_HANDLE *handle, char *evidence_number, size_t length);
171 int8_t
173 libewf_set_header_value_notes(LIBEWF_HANDLE *handle, char *notes, size_t length);
174 int8_t
176 libewf_set_header_value_acquiry_date(LIBEWF_HANDLE *handle, char *acquiry_date, size_t length);
177 int8_t
179 libewf_set_header_value_system_date(LIBEWF_HANDLE *handle, char *system_date, size_t length);
180 int8_t
182 libewf_set_header_value_acquiry_operating_system(LIBEWF_HANDLE *handle, char *acquiry_operating_system, size_t length);
183 int8_t
185 libewf_set_header_value_acquiry_software_version(LIBEWF_HANDLE *handle, char *acquiry_software_version, size_t length);
186 int8_t
188 libewf_set_header_value_password(LIBEWF_HANDLE *handle, char *password, size_t length);
189 int8_t
191 libewf_set_header_value_compression_type(LIBEWF_HANDLE *handle, char *compression_type, size_t length);
192 int8_t
194 libewf_set_hash_value(LIBEWF_HANDLE *handle, char *identifier, char *value, size_t length);
195 int8_t
197 libewf_calculate_md5_hash(LIBEWF_HANDLE *handle, char *string, size_t length);
198 int8_t
200 libewf_get_stored_md5_hash(LIBEWF_HANDLE *handle, char *string, size_t length);
201 int8_t
203 libewf_get_calculated_md5_hash(LIBEWF_HANDLE *handle, char *string, size_t length);
204 When the library was compiled with wide character support the following
206 functions are available instead of the narrow character functions
207 const wchar_t *
209 libewf_get_version(void);
210 int8_t
212 libewf_get_header_value(LIBEWF_HANDLE *handle, wchar_t *identifier, wchar_t *value, size_t length);
213 int8_t
215 libewf_get_header_value_case_number(LIBEWF_HANDLE *handle, wchar_t *case_number, size_t length);
216 int8_t
218 libewf_get_header_value_description(LIBEWF_HANDLE *handle, wchar_t *description, size_t length);
219 int8_t
221 libewf_get_header_value_examiner_name(LIBEWF_HANDLE *handle, wchar_t *examiner_name, size_t length);
222 int8_t
224 libewf_get_header_value_evidence_number(LIBEWF_HANDLE *handle, wchar_t *evidence_number, size_t length);
225 int8_t
227 libewf_get_header_value_notes(LIBEWF_HANDLE *handle, wchar_t *notes, size_t length);
228 int8_t
230 libewf_get_header_value_acquiry_date(LIBEWF_HANDLE *handle, wchar_t *acquiry_date, size_t length);
231 int8_t
233 libewf_get_header_value_system_date(LIBEWF_HANDLE *handle, wchar_t *system_date, size_t length);
234 int8_t
236 libewf_get_header_value_acquiry_operating_system(LIBEWF_HANDLE *handle, wchar_t *acquiry_operating_system, size_t length);
237 int8_t
239 libewf_get_header_value_acquiry_software_version(LIBEWF_HANDLE *handle, wchar_t *acquiry_software_version, size_t length);
240 int8_t
242 libewf_get_header_value_password(LIBEWF_HANDLE *handle, wchar_t *password, size_t length);
243 int8_t
245 libewf_get_header_value_compression_type(LIBEWF_HANDLE *handle, wchar_t *compression_type, size_t length);
246 int8_t
248 libewf_get_hash_value(LIBEWF_HANDLE *handle, wchar_t *identifier, wchar_t *value, size_t length);
249 int8_t
251 libewf_set_header_value(LIBEWF_HANDLE *handle, wchar_t *identifier, wchar_t *value, size_t length);
252 int8_t
254 libewf_set_header_value_case_number(LIBEWF_HANDLE *handle, wchar_t *case_number, size_t length);
255 int8_t
257 libewf_set_header_value_description(LIBEWF_HANDLE *handle, wchar_t *description, size_t length);
258 int8_t
260 libewf_set_header_value_examiner_name(LIBEWF_HANDLE *handle, wchar_t *examiner_name, size_t length);
261 int8_t
263 libewf_set_header_value_evidence_number(LIBEWF_HANDLE *handle, wchar_t *evidence_number, size_t length);
264 int8_t
266 libewf_set_header_value_notes(LIBEWF_HANDLE *handle, wchar_t *notes, size_t length);
267 int8_t
269 libewf_set_header_value_acquiry_date(LIBEWF_HANDLE *handle, wchar_t *acquiry_date, size_t length);
270 int8_t
272 libewf_set_header_value_system_date(LIBEWF_HANDLE *handle, wchar_t *system_date, size_t length);
273 int8_t
275 libewf_set_header_value_acquiry_operating_system(LIBEWF_HANDLE *handle, wchar_t *acquiry_operating_system, size_t length);
276 int8_t
278 libewf_set_header_value_acquiry_software_version(LIBEWF_HANDLE *handle, wchar_t *acquiry_software_version, size_t length);
279 int8_t
281 libewf_set_header_value_password(LIBEWF_HANDLE *handle, wchar_t *password, size_t length);
282 int8_t
284 libewf_set_header_value_compression_type(LIBEWF_HANDLE *handle, wchar_t *compression_type, size_t length);
285 int8_t
287 libewf_set_hash_value(LIBEWF_HANDLE *handle, wchar_t *identifier, wchar_t *value, size_t length);
288 int8_t
290 libewf_calculate_md5_hash(LIBEWF_HANDLE *handle, wchar_t *string, size_t length);
291 int8_t
293 libewf_get_stored_md5_hash(LIBEWF_HANDLE *handle, wchar_t *string, size_t length);
294 int8_t
296 libewf_get_calculated_md5_hash(LIBEWF_HANDLE *handle, wchar_t *string, size_t length);
297 When wide character support functions like wmain and wopen are present
299 and libewf is compiled with HAVE_WIDE_CHARACTER_SUPPORT_FUNCTIONS the
300 following functions will replace their narrow character functions.
301 int8_t
303 libewf_check_file_signature(const wchar_t *filename);
304 LIBEWF_HANDLE *
306 libewf_open(wchar_t * const filenames[], uint16_t file_amount, uint8_t flags);
307
309 The libewf_get_version() function is used to retrieve the library ver‐
310 sion.
311 The libewf_check_file_signature() function is used to test if the EWF
313 file signature is present within a certain filename.
314 The libewf_open(), libewf_seek_offset(), libewf_read_buffer(),
316 libewf_read_random(), libewf_write_buffer(), libewf_write_random(),
317 libewf_close() functions can be used to open, seek in, read from, write
318 to and close a set of EWF files.
319 The libewf_write_finalize() function needs to be called after writing a
321 set of EWF files without knowing the input size upfront, e.g. reading
322 from a pipe. libewf_write_finalize() will the necessary correction to
323 the set of EWF files. Note that certain information like the calculated
324 MD5 has is not available if libewf_write_finalize() has not been issued.
325 The libewf_get_*() functions can be used to retrieve information from the
327 handle. This information is read from a set of EWF files when
328 libewf_open() is used. The libewf_parse_header_values,()
329 libewf_parse_hash_values() functions need to be called before retrieving
330 header or hash values.
331 The libewf_set_*() functions can be used to set information in the
333 handle. This information is written to a set of EWF files when
334 libewf_write_buffer() is used.
335 The libewf_parse_header_values() function can be used to parse the values
337 in the header strings within a set of EWF files.
338 The libewf_parse_hash_values() function can be used to parse the values
340 in the hash string within a set of EWF files. The hash string is cur‐
341 rently only present in the EWF-X format.
342 The libewf_add_acquiry_error() function can be used to add an acquiry
344 error (a read error during acquiry) to be written into a set of EWF
345 files.
346 The libewf_set_notify_values() function can be used to direct the warn‐
348 ing, verbose and debug output from the library.
349
351 Most of the functions return NULL or -1 on error, dependent on the return
352 type. For the actual return values refer to libewf.h
353
355 None
356
358 None
359
361 Please report bugs of any kind to <forensics@hoffmannbv.nl> or on the
362 project website: https://libewf.uitwisselplatform.nl/
363
365 These man pages were written by Joachim Metz.
366
368 Copyright 2006-2007 Joachim Metz, Hoffmann Investigations <foren‐
369 sics@hoffmannbv.nl> and contributors. This is free software; see the
370 source for copying conditions. There is NO warranty; not even for MER‐
371 CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
372
374 the libewf.h include file
375libewf May 12, 2007 libewf