Re: Stand-alone Hard Drive Duplicating Devices

From: Alvin Oga (alvin.secat_private-Consulting.com)
Date: Wed Jun 19 2002 - 01:44:26 PDT


    hi ya j
    
    easiest way to clone systems ...
    
    assuming you have a master(original) disk  /dev/hda 
    assuming your clone is /dev/hdc
    
    cloning scripts are here...
    	http://www.Linux-Consulting.com/Boot/Linux-1U/
    
    	
    a.  fdisk  /dev/hdc
    	( fdisks.sh )
    
    b.  copy directories to /dev/hdc
    	( clone.sh )
    
    	mount /dev/hdc1 /mnt/hdc1
    	cd / && tar cf - boot root bin sbin etc dev lib \
    	| ( cd /mnt/hdc1 && tar xvfp - )
    
    	... repeat for other partitions like
    	/usr, /var
    
    
    	- don't forget to change the hostname/domainname/ip#
    	on the clone
    
    c.  run lilo to make the clone bootable
    	( i just use a boot floppy to boot the clone )
    
    	- or run lilo to dump into /dev/hdc disk
    	which will boot as hda when it's used
    
    takes about 10-30 minutes to clone .. depending on your 
    duplicating station cpu/memory speeds
    
    c ya
    alvin
    
    
    On Tue, 18 Jun 2002, J Jewitt wrote:
    
    > 
    >    All,
    >   A few months ago, a post came through asking about
    > forensic duplication devices. I'd like to revisit that
    > issue.
    >   My organization has a need to be able to quickly
    > duplicate hard drives for forensic purposes, and we're
    > now exploring these devices as an option.
    >   We have a system in our forensics lab which uses
    > Trinux (and soon Biatchux) to duplicate as well, so
    > those paths have already been explored.
    >   Analysis of the image is typically done using
    > Encase. Encase can support a raw dd-type image or
    > capture from the original hard drive.
    > 
    >   These are my requirements:
    >   1. Support for SCSI and IDE hard drives
    >   2. Fairly fast duplication (approx 1 G/min)
    >   3. Claim of forensic-quality capabilities
    >   4. Methodology does not rely on duplicating to hard
    > drive with identical geometry.
    >   5. Source drive write blocking by default.
    >   6. Nice to have: optional evidence tag printer, hash
    > or checksum generator.
    >   7. Must be very portable.
    > 
    > We've looked at the following products, at their web
    > site:
    > 
    > www.ics-iq.com          Solo Product Line
    > www.logicube.com        Forensic SF5000
    > 
    > Does anyone have EXPERIENCE with a device like the
    > above, and is willing to recommend it?
    > 
    >      Thanks in advance,
    >        J Jewitt
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 08:11:21 PDT