Matt, You can also achieve the desired results with "Biatchux" (bootable CD) available at http://biatchux.dmzs.com/. All you need do is: 1. Boot from the Biatchux CD. 2. Get a DHCP address or manually add one. 3. Connect to a network share (Linux/SMB) for image and log storage. 4. Map all local drives "Read Only". always mount RO. This helps with your discussion below as well as other issues regarding integrity. 5. For now you'll need to open up another console and execute your dd statement: "dd if=/dev/hda of=/data/hda_image.eve" Biatchux is still a work in progress, but it is very useful now and offers a lot of promise. Christopher L. T. Brown Technology Pathways LLC Makers of ProDiscover DFT clbrownat_private Phone: 619-435-0906 http://www.TechPathways.com > -----Original Message----- > From: Estes, Matt CPR / FCBS [mailto:Matt.Estesat_private] > > Dangers of dd (aka. Delete Drive)... > It only takes one typo to ruin an entire drive with dd (like > dd of=\\.\C: > instead of dd if=\\.\C:). I'm using two unused partitions > for testing. > > Imaging a drive... > Replacing "if=\\.\C:" with "if=\\.\PhysicalDrive0" on the > windows side. > Thanks for the info from Mr. Syring... and thanks for porting > this dd.exe. > Replacing "of=/dev/hdb1" with "of=/dev/hdb". > Again, dd is dangerous and now your entire drive is > vulnerable to a typo, > and not just one unused partition. I have NOT tested this. > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 04:32:57 PDT