> If I wanted, for some reason, to dd to another raw disk, I > would have to make sure the geometry was the same (or the partition tables > would not work) and that the drive was as large or larger than the source > drive. To match the md5 sums with a large target drive, you would then > have to use dd to extract the correct number of blocks (determined by > the block count when the original dd was finished) and pipe it to stdout > and from there to stdin on md5sum. LBA mode (if in use!) helps here because with LBA mode the physical drive geometry is not used and a simulated geometry with the number of heads and number of sectors/track set to the maximum allowed by the EIDE interface specifications. This means the only variable item is the number of cylinders. Of course, for forensic examinations you have to be able to cope with any old drive... -- David Pick ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 21:58:45 PDT