hi everybody, I need to dump a tape (created by ufsdump) using dd in to a temporary filesystem (a single file). The platform is SunOS5.9. The command I...
... Alfredo, That error may have something to do with the block size. Try specifying a block size like 64k or 128k: # dd if=/dev/rmt/0 of=/home/export/temp.dd...
nikkel@...
Feb 9, 2006 2:34 pm
1917
Hi All
Bit of a vague question I know but I was wondering if there was an accepted minimum "dcfldd" command that people use when imaging hard discs.
I was...
For dealing with bad sectors and errors, use "conv=sync,noerror" always. That is the only switch that I would say HAS to be in every dd command that is used...
You might also have to play with the block size setting on the tape drive itself if it isn't set to 0 (auto). You can find out what the hardware block size is...
Stuart, I would agree with Nick (as most would, he being the author and all). A good base dcfldd command would be: dcfldd conv=sync,noerror if=/dev/hda...
Here's a perl script I wrote a while back that attempts to first copy with at full speed and backs of to use block-by-block if errrors are found. CAVEAT...
I am looking in to it as we speak. If I am correct, the only advantages of dd_rescue are as follows (beyond what conv=sync,noerror provides): 1. The ability...
... I would guess that with modern drives, which have their own elaborate internal error recovery, and with a Linux driver layered on top of that - that...
... Without the ability to drop to a lower blocksize in case of read errors, the trade-off is to find lowest possible blocksize that will yield good...
... This makes a lot of sense, as does the equation you presented behind it. However, does this also mean that the hashwindow you use will impact the overall...
... The hashwindow size you pick should have no real affect on performance except for the added IO of writing out the potentially HUGE hashlog if your ...
... hdparm has some options, which on the face of things look like they may affect performance: -a get/set fs readahead -A set drive read-lookahead flag...
Hi to all guys, Anyone knows some guidelines or examples about how to do forensics reports? I know that you must show all the steps that you did, how were the...
Hi, look http://www.ojp.usdoj.gov/nij/pubs-sum/199408.htm (good guideline and examples) Best Regards Vincent Lemoine Policeman Officer Squad Forensics Unit ...
Great guide and some impressive worksheets in Appendix C. A few thoughts from a lawyer, though: 1. Records help you remember what you did and, in a few cases,...
hi all, I am going to build a forensic software for PDA. Means WinCE,palm OS, Linux, Blackberry and some high end symbian OS based phone. I have done...
Hi bollix, Now i am building GUI for analysis in GTK+,GLADE, Anjuta IDE. I have just started now. If u see the paraben PDA forensic software which is for...
... [...] ... Isn't 512 the default for regular old 'dd'? If dcfldd's default is different that dd's, I think it is important that the document (man page)...
... Yes. ... from human.c /* The default block size used for output. This number may change in the future as disks get larger. */ #ifndef DEFAULT_BLOCK_SIZE ...
Interesting, lengthy, thread on the security focus forensics list: http://www.securityfocus.com/archive/104/425449/30/0/threaded The person who originally...
My approach is to identify each sector that generates an error as well as the specific error. A checksum error simply means that either the data is unreliable...
... Since your display name is ASR Data, when you say "my approach", do you mean the approach taken by some component of SMART, or just your own personal...
Coming back to this. I'll offer a suggestion on what I think might be 'best practice'. First, by way of example, let's say that we used an imaging approach...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
