📄 ewf_header.h
字号:
* \r\n * * case number, evidence number, unique description, examiner name, and notes are free form strings (except for \t and \n) * * acquired date, and system date are in the form "2002 3 4 10 19 59", which is March 4, 2002 10:19:59 * * version is the Encase version used to acquire the image * * platform is the operating system used to acquire the image * * pwhash the password hash should be the character '0' for no password * * char contains one of the following letters * b => best compression * f => fastest compression * n => no compression *//* Header definition found in Encase 4 and 5 * A fifth line is present which is empty * * 1 \r\n * main \r\n * c \t n \t a \t e \t t \t av \t ov \t m \t u \t p \r\n * case number \t evidence number \t unique description \t examiner name \t notes \t version \t platform \t acquired date \t system date \t pwhash \r\n * \r\n * * case number, evidence number, unique description, examiner name, and notes are free form strings (except for \t and \n) * * acquired date, and system date are in the form "2002 3 4 10 19 59", which is March 4, 2002 10:19:59 * * version is the Encase version used to acquire the image * * platform is the operating system used to acquire the image * * pwhash the password hash should be the character '0' for no password * *//* Header found in linen 5 * * 3 \n * main \n * a \t c \t n \t e \t t \t av \t ov \t m \t u \t p \n * unique description \t case number \t evidence number \t examiner name \t notes \t version \t platform \t acquired date \t system date \t pwhash \n * \n * srce \n * 0 1 \n * p n id ev tb lo po ah gu aq \n * 0 0 \n * -1 -1 \n * \n * sub \n * 0 1 \n * p n id nu co gu \n * 0 0 \n * 1 \n * \n * unique description, case number, evidence number, examiner name, and notes are free form strings (except for \t and \n) * * acquired date, and system date are in the form unix time stamp "1142163845", which is March 12 2006, 11:44:05 * * version is the Encase version used to acquire the image * * platform is the operating system used to acquire the image * * pwhash the password hash should be empty for no password * * TODO the remaining values are currently unknown *//* Header found in linen 6 * * 3 \n * main \n * a \t c \t n \t e \t t \t md \t sn \t av \t ov \t m \t u \t p \t dc \n * unique description \t case number \t evidence number \t examiner name \t notes \t model \t serial number \t version \t platform \t acquired date \t system date \t pwhash \t ? \n * \n * srce \n * 0 1 \n * p n id ev tb lo po ah gu aq \n * 0 0 \n * -1 -1 \n * \n * sub \n * 0 1 \n * p n id nu co gu \n * 0 0 \n * 1 \n * \n * unique description, case number, evidence number, examiner name, notes, model, and serial number are free form strings (except for \t and \n) * * acquired date, and system date are in the form unix time stamp "1142163845", which is March 12 2006, 11:44:05 * * version is the EnCase version used to acquire the image * * platform is the operating system used to acquire the image * * pwhash the password hash should be empty for no password * * TODO the remaining values are currently unknown */#define EWF_HEADER EWF_CHAR#define EWF_HEADER_SIZE EWF_CHAR_SIZE#define ewf_header_uncompress( header, length ) \ ewf_string_uncompress( header, length )#define ewf_header_compress( header, length, compression_level ) \ ewf_string_compress( header, length, compression_level )#define ewf_header_length( header ) \ ewf_string_length( header )#define ewf_header_read( file_descriptor, length ) \ ewf_string_read_compressed( file_descriptor, length )#define ewf_header_write( header, file_descriptor, length ) \ ewf_string_write_from_buffer( header, file_descriptor, length )#ifdef __cplusplus}#endif#endif⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -