I just popped in and have seen a ton of comments regarding proper imaging of
a hard drive, and thought I'd throw in my two cents.
One of my favorite tools is dcfldd (
http://www.forensicswiki.org/wiki/Dcflddand
http://www.sourceforge.net/projects/dcfldd/). It is a forensic version of
dd, that can be used over a network. It essentially does the same things
that many have been describing, but in a much cleaner interface.
A snippet from the wiki:
-------- snip -------
*dcfldd* is an enhanced version of dd <
http://www.forensicswiki.org/wiki/Dd>.
It has some useful features for forensic
investigators<
http://www.forensicswiki.org/index.php?title=Investigator&action=edit>:
- On-the-fly hashing <
http://www.forensicswiki.org/wiki/Hash> of the
transmitted data.
- Progress bar of how much data has already been sent.
- Wiping of disks with known patterns.
- Verification that the image is identical to the original drive,
bit-for-bit.
- Simultaneous output to more than one file/disk is possible.
- The output can be splitted into multiple files.
- Logs and data can be piped into external applications.
The program only produces raw image
files<
http://www.forensicswiki.org/wiki/Raw_image_file>.
-------- end snip -------
I thought some may find this useful.
--
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)