Perhaps an alternative to nc is cryptcat <http://farm9.com/content/Free_Tools/Cryptcat> to add encryption of the data passed over the network. -scm On Fri, 31 May 2002, Estes, Matt CPR / FCBS wrote: > Just wanted to know the forensics comments for doing the following. The > practical applications are amazing (and free), but maybe I'm just catching > up > with the norm. > > Run "nc -l -p 4000 | dd of=/dev/hdb1 bs=512 conv=swab" to setup a netcat > server piping to hdb1 partition on my linux box. > > Run "dd.exe if=\\.\C: bs=512 | nc.exe a.b.c.d 4000" on my Win 2000 box. > > swab option was necessary because somewhere along the way the bytes were > swapped (network ordering? compiler differences with nc.exe?). > > Instant bit copy of the partition across the network... and no annoying > overhead. I believe this would work as live imaging of harddrives for > analysis (comments appreciated). But, it's also a network drive imaging > system that fits on a floppy and works between OS's. > > Matt > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 04:31:17 PDT