The 'encase export' kickstart module

A special variant of the kickstart module is the eekickstart. The eekickstart uses a loadable module of the fs abstraction library to insert evidence from an encase export.
The example below describes the command line usage of the kickstart module.

Usage: ./eekickstart caseid sourceid itemid path charset name

Example:

./eekickstart thunderstorm2 Box2 HDU1 /mount/mycase/repos LATIN1 thunder_hdu1

Parameters used with kickstart:
Remark:
Use for caseid, sourceid, itemid and name only alphanumeric values without any special characters.
  1. caseid. Describes the case.
  2. sourceid. Describes the source.
  3. itemid. Describes the item.
  4. path. The path from which the ocfa treewalker starts with analyzing.
  5. charset. Possible values:  LATIN1, UTF8, UCS-2, UTF-16 and many more (see iconv -l for a complete list).
  6. name. A user defined shorthand name describing the case.