Here's a Handy Tool for Disk Imaging
Jon M. Hanson
jon at the-hansons-az.net
Mon Apr 9 06:01:08 MST 2007
dd (and all of the variants mentioned here) makes a sector-by-sector
copy of the physical disk. It doesn't care what filesystem is used
because it isn't reading at the filesystem level. It's reading the
actual bits that make up the filesystem structures and the files
themselves. So if you properly use dd (capture the correct partitions)
then you will get an image that will allow you to do a "bare metal"
recovery without having to reinstall the operating system.
Wayne Davis wrote:
> In the event of a catastrophic drive failure, Will this recover a system
> WITHOUT re-installing the OS first? I didnot see a mechanism for doing
> that.
>
> Arconis uses a boot cd that enables USB, network shares and uses image
> files Ive created on a 80 gig USB drive formatted NTFS as well as other
> images on shared NTFS drives.
>
>
> Erich Newell wrote:
>
>> I just popped in and have seen a ton of comments regarding proper
>> imaging of a hard drive, and thought I'd throw in my two cents.
>>
>> One of my favorite tools is dcfldd (
>> http://www.forensicswiki.org/wiki/Dcfldd and
>> http://www.sourceforge.net/projects/dcfldd/). It is a forensic version
>> of dd, that can be used over a network. It essentially does the same
>> things that many have been describing, but in a much cleaner interface.
>>
>> A snippet from the wiki:
>>
>> -------- snip -------
>>
>> *dcfldd* is an enhanced version of dd
>> <http://www.forensicswiki.org/wiki/Dd>. It has some useful features
>> for forensic investigators
>> <http://www.forensicswiki.org/index.php?title=Investigator&action=edit>:
>>
>> * On-the-fly hashing <http://www.forensicswiki.org/wiki/Hash> of
>> the transmitted data.
>> * Progress bar of how much data has already been sent.
>> * Wiping of disks with known patterns.
>> * Verification that the image is identical to the original drive,
>> bit-for-bit.
>> * Simultaneous output to more than one file/disk is possible.
>> * The output can be splitted into multiple files.
>> * Logs and data can be piped into external applications.
>>
>> The program only produces raw image files
>> <http://www.forensicswiki.org/wiki/Raw_image_file>.
>>
>> -------- end snip -------
>>
>> I thought some may find this useful.
>>
>> --
>> "A man is defined by the questions that he asks; and the way he goes
>> about finding the answers to those questions is the way he goes
>> through life."
>> ------------------------------------------------------------------------
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change you mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Jon M. Hanson (N7ZVJ)
Homepage: http://the-hansons-az.net
Weblog: http://the-hansons-az.net/wordpress
Jabber IM: jon at the-hansons-az.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070409/f8d3e797/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070409/f8d3e797/attachment-0001.pgp
More information about the PLUG-discuss
mailing list