Just wanted to know the forensics comments for doing the following. The practical applications are amazing (and free), but maybe I'm just catching up with the norm.

Run "nc -l -p 4000 | dd of=/dev/hdb1 bs=512 conv=swab" to set up a netcat server piping to the hdb1 partition on my Linux box.

Run "dd.exe if=\\.\C: bs=512 | nc.exe a.b.c.d 4000" on my Win 2000 box.

The swab option was necessary because somewhere along the way the bytes were swapped (network ordering? compiler differences with nc.exe?).

Instant bit copy of the partition across the network... and no annoying overhead.

I believe this would work as live imaging of hard drives for analysis (comments appreciated). But it's also a network drive imaging system that fits on a floppy and works between OSes.

Matt
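The post reports that the bytes arrived pair-swapped and that conv=swab was needed to undo it. As an added example (not part of the original post), the script below compares a source image with a received copy by SHA-256 and reports whether the copy is identical, byte-swapped, or different. It assumes GNU coreutils (dd, sha256sum, mktemp), and the sample files are constructed stand-ins for real partitions.

```shell
#!/bin/sh
# Added example: classify how a received image relates to its source.
# Assumes GNU coreutils (dd, sha256sum, mktemp); file names are constructed.

hash_of() {        # SHA-256 digest of a file as stored
    sha256sum "$1" | cut -d' ' -f1
}

hash_swabbed() {   # SHA-256 digest after swapping every pair of bytes
    dd if="$1" bs=512 conv=swab 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Prints one of: identical, byte-swapped, different
compare_image() {
    src_hash=$(hash_of "$1")
    if [ "$src_hash" = "$(hash_of "$2")" ]; then
        echo identical
    elif [ "$src_hash" = "$(hash_swabbed "$2")" ]; then
        echo byte-swapped
    else
        echo different
    fi
}

# Constructed stand-in for a partition: 64 text records, 2304 bytes.
make_sample() {
    i=0
    while [ "$i" -lt 64 ]; do
        printf 'forensic-sample-%04d-0123456789abcd\n' "$i"
        i=$((i + 1))
    done > "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/src.img"
    cp "$tmp/src.img" "$tmp/same.img"                                        # clean copy
    dd if="$tmp/src.img" of="$tmp/swapped.img" bs=512 conv=swab 2>/dev/null  # pairs swapped
    dd if="$tmp/src.img" of="$tmp/short.img" bs=512 count=2 2>/dev/null      # truncated
    for f in same swapped short; do
        printf '%s: %s\n' "$f" "$(compare_image "$tmp/src.img" "$tmp/$f.img")"
    done
    rm -rf "$tmp"
}
demo
```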