Re: How to DD NTFS?

From: Pieter-Bas IJdens (pieter-basat_private)
Date: Thu Jan 02 2003 - 06:38:27 PST

    Together with the many suggestions already made, you can also use the system
    internals tools (www.systeminternals.com) to mount NTFS volumes on Windows
    98 and DOS. The free versions provide read-only access, which probably is
    what you want anyway.
    
    For mirroring a drive on an NT-based system, just make sure it is not
    mounted. Then you can use the SCSI read commands directly to read sectors
    and mirror the drive. However, I would personally not want to boot NT with
    an NT volume in the system. You never know what Windows writes to the
    filesystem or cleans from it on bootup. Especially with the newer
    NTFS that is a risk.
    
    A good source for a bootable CD Linux distribution, by the way, is
    http://sourceforge.net/projects/rescuecd/. It's Timo's rescue CD set, which
    is a Debian install that you can easily modify yourself when you need to.
    
      Pieter-Bas
    
    ----- Original Message -----
    From: "Susan Chan Lee" <susan.leeat_private>
    To: <forensicsat_private>
    Sent: Thursday, January 02, 2003 12:31 PM
    Subject: How to DD NTFS?
    
    
    > Hi - Happy New Year to All.
    >
    > We all know how to dd Ext2,3 and FAT filesystems from Linux, but can
    > anyone advise how to dd an NTFS partition? My question is 2 fold:
    >
    > 1. From Linux, I am unable to mount the NTFS partitions, so how do I
    > know which /dev/hda* is NTFS etc.
    > 2. If I make a guess and dd /dev/hda4 (which happens to be NTFS), how to
    > mount later? As Linux does not recognise NTFS
    > 3. Any suggestions how to dd NTFS when the system does not have Linux
    > installed, nor do you want to install Linux (or any UNIX for that
    > matter)
    >
    > Thanks for any help
    > Susan Chan Lee
    >
    >
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    >
    >
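
For the first question in the quoted message (knowing which partition is NTFS before imaging it), an added example that is not part of the original thread: it reads the MBR partition table and confirms NTFS by the OEM ID in each candidate's boot sector, since type byte 0x07 alone is shared with other filesystems. The disk is constructed inline; 512-byte sectors are assumed and only the four primary MBR entries are examined (logical partitions inside an extended partition are not walked).

```python
import io
import struct

SECTOR = 512
TYPE_07 = 0x07  # MBR type byte used by NTFS, but also by HPFS and exFAT

def mbr_partitions(mbr):
    """Yield (number, type, start_lba, sector_count) for each used primary slot."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR")
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:
            yield i + 1, entry[4], start, count

def find_ntfs(disk):
    """Return [(partition_number, byte_offset, byte_length)] for confirmed NTFS.

    `disk` is any seekable binary file object; it is only read, never written.
    """
    disk.seek(0)
    hits = []
    for num, ptype, start, count in mbr_partitions(disk.read(SECTOR)):
        disk.seek(start * SECTOR)
        boot = disk.read(SECTOR)
        # NTFS keeps the OEM ID "NTFS    " at bytes 3..10 of its boot sector.
        if ptype == TYPE_07 and boot[3:11] == b"NTFS    ":
            hits.append((num, start * SECTOR, count * SECTOR))
    return hits

def build_sample_disk():
    """Constructed disk: FAT32, NTFS, Linux, and a 0x07 slot that is not NTFS."""
    image = bytearray(SECTOR * 450)
    layout = [(0x0B, 63, 100), (0x07, 163, 200), (0x83, 363, 37), (0x07, 400, 50)]
    for i, (ptype, start, count) in enumerate(layout):
        image[446 + 16 * i:462 + 16 * i] = struct.pack(
            "<B3sB3sII", 0, b"\0" * 3, ptype, b"\0" * 3, start, count)
    image[510:512] = b"\x55\xaa"
    image[163 * SECTOR + 3:163 * SECTOR + 11] = b"NTFS    "
    return io.BytesIO(bytes(image))

if __name__ == "__main__":
    for num, offset, length in find_ntfs(build_sample_disk()):
        print(f"partition {num}: NTFS at byte offset {offset}, {length} bytes")
```

The same function accepts a raw disk or image file opened with `open(path, "rb")`; the returned byte offset and length, divided by the sector size, give the values for dd's `skip=` and `count=` when carving the volume out of a whole-disk image.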
    
    
    



    This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:53:18 PST