Thread: Report on DD

  1. #1
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672

    Report on DD

    The National Institute of Justice conducted a report in 2004 to display the accuracy of the tool dd on FreeBSD (it's really the tool that matters, not the OS) for imaging disks and partitions.
    It's a good report, and it essentially illustrates one thing: STOP wasting money on costly forensics bit stream copy programs!

    http://www.ncjrs.org/pdffiles1/nij/203095.pdf
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  2. #2
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Wow, great read hogfly...they definitely tested the crap out of dd!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    thx for the find.. good read !!

    I use dd for backups of whole partitions and even disks..
    Really easy.. and you can also do some very cool tricks with it !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    So how does one make a copy of a hard drive to examine using dd and netcat in Windows? I don't find the help file helpful in this:

    Usage: dd [OPTION]...
    Copy a file, converting and formatting according to the options.

    bs=BYTES force ibs=BYTES and obs=BYTES
    cbs=BYTES convert BYTES bytes at a time
    conv=KEYWORDS convert the file as per the comma separated keyword list
    count=BLOCKS copy only BLOCKS input blocks
    ibs=BYTES read BYTES bytes at a time
    if=FILE read from FILE instead of stdin
    obs=BYTES write BYTES bytes at a time
    of=FILE write to FILE instead of stdout, don't truncate file
    seek=BLOCKS skip BLOCKS obs-sized blocks at start of output
    skip=BLOCKS skip BLOCKS ibs-sized blocks at start of input
    --help display this help and exit
    --version output version information and exit

    BYTES may be suffixed: by xM for multiplication by M, by c for x1,
    by w for x2, by b for x512, by k for x1024. Each KEYWORD may be:

    ascii from EBCDIC to ASCII
    ebcdic from ASCII to EBCDIC
    ibm from ASCII to alternated EBCDIC
    block pad newline-terminated records with spaces to cbs-size
    unblock replace trailing spaces in cbs-size records with newline
    lcase change upper case to lower case
    ucase change lower case to upper case
    swab swap every pair of input bytes
    noerror continue after read errors
    sync pad every input block with NULs to ibs-size

    I notice in Helix there is a front end for dd listed; is this any more intuitive?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Last year, we got a course in which we had to construct an automated backup-solution that was more flexible than products like Norton Ghost. We used a combination that was based on dd and UDP Cast. It was easy to set up, and the learning curve was minimal. And just as nice: it was plain fun to play with.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  6. #6
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Originally posted here by Tedob1
    So how does one make a copy of a hard drive to examine using dd and netcat in Windows? I don't find the help file helpful in this:

    Usage: dd [OPTION]...
    Copy a file, converting and formatting according to the options.

    bs=BYTES force ibs=BYTES and obs=BYTES
    cbs=BYTES convert BYTES bytes at a time
    conv=KEYWORDS convert the file as per the comma separated keyword list
    count=BLOCKS copy only BLOCKS input blocks
    ibs=BYTES read BYTES bytes at a time
    if=FILE read from FILE instead of stdin
    obs=BYTES write BYTES bytes at a time
    of=FILE write to FILE instead of stdout, don't truncate file
    seek=BLOCKS skip BLOCKS obs-sized blocks at start of output
    skip=BLOCKS skip BLOCKS ibs-sized blocks at start of input
    --help display this help and exit
    --version output version information and exit

    BYTES may be suffixed: by xM for multiplication by M, by c for x1,
    by w for x2, by b for x512, by k for x1024. Each KEYWORD may be:

    ascii from EBCDIC to ASCII
    ebcdic from ASCII to EBCDIC
    ibm from ASCII to alternated EBCDIC
    block pad newline-terminated records with spaces to cbs-size
    unblock replace trailing spaces in cbs-size records with newline
    lcase change upper case to lower case
    ucase change lower case to upper case
    swab swap every pair of input bytes
    noerror continue after read errors
    sync pad every input block with NULs to ibs-size

    I notice in Helix there is a front end for dd listed; is this any more intuitive?
    Tedob.
    Grab is MUCH more intuitive because all you need to do is set the source drive (note I said drive, NOT partition), set the destination /path/to/dd_file.img, make sure you have md5 configured, and let it rip. Hmmm, I should write a quick how-to for that... but ugh, I've been swamped lately. It also has dcfldd, which is the gov's version of dd that md5's as it copies rather than at the end, which is faster.

    FYI
    While on a Windows box, pop in the Helix CD and, if you have autoplay turned on, it will bring up a GUI that will dd your disk to a machine that has a netcat listener running. Helix is not just a live CD; it's also a Windows incident response toolkit.

    With dd on Windows, you need to make sure you have dd for Windows.
    This is another group of tools that I use:
    http://users.erols.com/gmgarner/forensics/
    He has examples at the bottom of the page.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust
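Added example, not code from this thread and not Helix's or dcfldd's own tooling: the acquisition flow the reply above describes (dd the drive, hash as it copies, compare hashes), written as a plain POSIX shell pipeline. A constructed file stands in for the source device so it runs without real hardware; with a real drive the source would be the raw device node. It also shows the caveat that conv=sync padding silently breaks source-vs-image hash matching when the block size does not divide the device size. The helper names, the temporary paths and the netcat hostname/port in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, Helix or dcfldd): forensic-style disk
# imaging with plain dd, hashed in flight, then verified. A constructed file
# is the stand-in for the source device.
set -eu

# image_and_hash SRC DST BS
# dd copies SRC in BS-byte blocks. conv=noerror keeps going past unreadable
# sectors and conv=sync pads any short read to BS with NULs, so a bad sector
# does not shift the offsets of everything after it. tee writes the image
# while md5sum hashes the very same byte stream, so the hash is produced
# during the copy (what dcfldd does) instead of in a second pass.
image_and_hash() {
    src=$1; dst=$2; bs=$3
    dd if="$src" bs="$bs" conv=noerror,sync 2>/dev/null \
        | tee "$dst" | md5sum | cut -d' ' -f1
}

# file_md5 FILE: md5 of a file's contents, hash only.
file_md5() { md5sum < "$1" | cut -d' ' -f1; }

# size_of FILE: byte length (portable across GNU and BSD wc).
size_of() { wc -c < "$1" | tr -d ' '; }

# verify_image SRC DST: exit 0 when the image hashes identically to the
# source. This is the acquisition check: source hash == image hash.
verify_image() { [ "$(file_md5 "$1")" = "$(file_md5 "$2")" ]; }

# Over the network, as the thread describes (assumed host/port; flag syntax
# differs between netcat builds):
#   collector:  nc -l 9000 > disk.img
#   source box: dd if=/dev/sdX bs=512 conv=noerror,sync | nc collector 9000
# Then hash disk.img on the collector and compare with the source hash.

demo() {
    work=$(mktemp -d)
    src="$work/disk.bin"
    # Constructed sample "disk": 20 sectors of 512 bytes = 10240 bytes, a
    # sector multiple like a real drive but NOT a multiple of 4096.
    head -c 10240 /dev/urandom > "$src"

    # bs=512 divides the device size exactly: no padding, hashes match.
    h512=$(image_and_hash "$src" "$work/img512" 512)
    echo "bs=512:  in-flight md5 $h512, image $(size_of "$work/img512") bytes"
    if verify_image "$src" "$work/img512"; then
        echo "bs=512:  image verifies against source"
    fi

    # bs=4096 does not divide 10240: the final 2048-byte read is padded to
    # 4096 by conv=sync, the image grows to 12288 bytes and its hash no
    # longer matches the source even though no data was lost. Choose a block
    # size that divides the sector count, or expect this mismatch.
    h4k=$(image_and_hash "$src" "$work/img4k" 4096)
    echo "bs=4096: in-flight md5 $h4k, image $(size_of "$work/img4k") bytes"
    if ! verify_image "$src" "$work/img4k"; then
        echo "bs=4096: hash mismatch caused by conv=sync padding"
    fi

    rm -rf "$work"
}

demo
```

The in-flight hash always equals the hash of the written image, so it proves the image file is what came out of dd; it only equals the hash of the source device when nothing was padded or skipped, which is why bs=512 (or any divisor of the sector count) is the safe default for acquisition.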
