EWF

EWF files are a binary representation of a disk image. They are created from a storage device, disk volume, or sometimes random access memory (RAM). The disk image can be used for digital forensics, but also as part of incident response and in-depth analysis.