Re: Re-constructing disks

From: //Stany (stanyat_private)
Date: Tue Oct 16 2001 - 15:00:19 PDT

    On Tue, 16 Oct 2001, Neil Long wrote:
    
    > Hello
    
    Hi, Neil
    
    > Disks keep getting bigger :-(
    
    Yes, they do.
    It's both a blessing and a curse, really.
    
    > It is straightforward to split up a large disk into CD-R size chunks but
    > am I missing something painfully obvious for a reconstruction of a disk from
    > said CD-Rs? I assume you need a large holding disk in order to
    
    I assume you want an exact block by block disk copy including empty space,
    not just a copy of the files.
    
    > cat img.1 img.2 img.3 etc etc > /dev/disk-whatever (or using | dd
    > of=/dev/disk and options to maintain blocksizes, etc)
    >
    > [gzip, zcat, etc could be used to reduce the image sizes but becomes
    > somewhat hard to predict with regard to compressibility without a dry-run]
    >
    > Is there any easy way to append from individual CDs to a device file?
    
    It is probably possible to do something using dd and oseek, especially if
    your image on CDs is all split up in even sized chunks, to make math easy.
    
    Then, probably, assuming you are on your third CD, and each previous image
    was 500 megs in size, you can probably do something like:
    dd if=/cdrom/image.2 bs=1024k oseek=1001 of=/dev/rdsk/c1t1d0s2
    
    Of course I am probably off with math, and this method doesn't let you
    use compression on the chunks, unless you want to do some more complex
    math.
    
    > Feel free to point out the painfully obvious and any hints as to what to do
    > as disks get way too big ;-)
    
    You can use dd and netcat to duplicate disks across the network.
    
    Something like: On the destination system:
    nc -l -p 1234 | dd of=/dev/rdsk/c1t1d0s2
    
    on the system from which you are duping a disk:
    dd if=/dev/rdsk/c7t0d0s2 | nc <ip of destination system> 1234
    
    We use this technique to clone standard OS load onto new user's desktops.
    
    Needless to say, it helps a great deal if you have nc on your forensic
    toolkit CD, you can put gzip in between netcat and reading/writing file to
    cut down on bandwidth, converting to use ssh is not that hard, etc.
    
    It also helps if your dd is sane and separates stdout and stderr, and
    doesn't send "0+1 records in 0+1 records out" out to netcat.
    
    Oh, and you probably really want to use raw devices, unless you are only
    getting a single partition, etc...  I am sure you know more about
    filesystem layout than I do.
    
    Anyway.  Hope this helps.  Have a nice day.
    
    > Cheers
    > Neil
    
    Signed:
    //Stany
    -- 
    +-------+ Stanislav N Vardomskiy - Procurator Odiosus Ex Infernis[TM] +-------+
    | "Backups we have; it's restores that we find tricky." Richard Letts at ASR  |
    | This message is powered by JOLT!  For all the sugar and twice the caffeine. |
    +--------+ My words are my own.  LARTs are provided free of charge. +---------+
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
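
An added example, not part of the original post: the dd-with-seek reassembly the message describes, with the offset arithmetic made explicit and a hash check on the result. It assumes GNU dd (where the option is seek= rather than oseek=) and sha256sum; the function names, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: place equal-sized image chunks at computed offsets in a target.
# Assumes GNU dd (seek=, conv=notrunc) and sha256sum; Solaris dd spells it oseek=.

BS=${BS:-1048576}    # dd block size in bytes; the chunk size is a multiple of it

# chunk_offset N CHUNK_BLOCKS: output offset, in BS-sized blocks, of chunk N
# (1-based). Chunk 1 starts at block 0; chunk 3 of 500-block chunks at 1000.
chunk_offset() {
    echo $(( ($1 - 1) * $2 ))
}

# write_chunk FILE N CHUNK_BLOCKS TARGET: write one chunk into its slot.
# A chunk larger than its slot would overwrite the next one, so refuse it.
write_chunk() {
    max=$(( $3 * BS ))
    size=$(wc -c < "$1") || return 1
    if [ "$size" -gt "$max" ]; then
        echo "chunk $2: $size bytes exceeds slot of $max bytes" >&2
        return 1
    fi
    # conv=notrunc matters when TARGET is a regular file: without it dd
    # truncates the file at the seek offset and discards later chunks.
    dd if="$1" of="$4" bs="$BS" seek="$(chunk_offset "$2" "$3")" \
        conv=notrunc 2>/dev/null
}

image_hash() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Constructed demo: a 5000-byte "disk", 2048-byte chunks, written out of order.
demo() (
    BS=1024
    d=$(mktemp -d) || exit 1
    head -c 5000 /dev/urandom > "$d/disk.img"
    want=$(image_hash "$d/disk.img")       # hash recorded at acquisition time
    split -b 2048 "$d/disk.img" "$d/img."  # img.aa img.ab img.ac
    write_chunk "$d/img.ac" 3 2 "$d/target" &&
    write_chunk "$d/img.aa" 1 2 "$d/target" &&
    write_chunk "$d/img.ab" 2 2 "$d/target" &&
    got=$(image_hash "$d/target")
    rm -rf "$d"
    [ -n "$got" ] && [ "$want" = "$got" ]
)

demo && echo "reassembled image matches recorded hash"
```

Because each chunk goes to a fixed slot, the CDs can be read in any order and no holding disk is needed; only the last chunk may be shorter than the others.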
    



    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 04:17:12 PDT