Here's a Handy Tool for Disk Imaging
Erich Newell
erich.newell at gmail.com
Sun Apr 8 14:14:53 MST 2007
I just popped in and have seen a ton of comments regarding proper imaging of
a hard drive, and thought I'd throw in my two cents.
One of my favorite tools is dcfldd (http://www.forensicswiki.org/wiki/Dcflddand
http://www.sourceforge.net/projects/dcfldd/). It is a forensic version of
dd, that can be used over a network. It essentially does the same things
that many have been describing, but in a much cleaner interface.
A snippet from the wiki:
-------- snip -------
*dcfldd* is an enhanced version of dd <http://www.forensicswiki.org/wiki/Dd>.
It has some useful features for forensic
investigators<http://www.forensicswiki.org/index.php?title=Investigator&action=edit>:
- On-the-fly hashing <http://www.forensicswiki.org/wiki/Hash> of the
transmitted data.
- Progress bar of how much data has already been sent.
- Wiping of disks with known patterns.
- Verification that the image is identical to the original drive,
bit-for-bit.
- Simultaneous output to more than one file/disk is possible.
- The output can be splitted into multiple files.
- Logs and data can be piped into external applications.
The program only produces raw image
files<http://www.forensicswiki.org/wiki/Raw_image_file>.
-------- end snip -------
I thought some may find this useful.
--
"A man is defined by the questions that he asks; and the way he goes about
finding the answers to those questions is the way he goes through life."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070408/88246dce/attachment.htm
More information about the PLUG-discuss
mailing list