The Sleuth Kit is an open source forensic toolkit for analyzing
Microsoft and UNIX file systems and disks. The Sleuth Kit enables
investigators to identify and recover evidence from images
acquired during incident response or from live systems. The
Sleuth Kit is open source, which allows investigators to verify
the actions of the tool or customize it to specific needs.

Sleuthkit can use libewf and afflib.