RE: How to DD NTFS?

From: Matt (mattat_private)
Date: Thu Jan 02 2003 - 05:40:56 PST

    Hi Susan, all,
    
    1. If you use the command fdisk /dev/hda you may be able to tell from
    the file system type on the right hand side of the partition print out.
    2. Linux can support NTFS if support is compiled in as a module. Write
    support is not recommended as it can do nasty things to the underlying
    file system. It will read quite happily though. It bypasses the NTFS
    file privileges.
    3. Get a Linux rescue/boot disk such as the Gentoo Linux
    (www.gentoo.org) install disk - it should have all the tools you need
    for dd, and may support NTFS read only out of the box. It doesn't
    require any hard disk installation. You may also want to check out
    Trinux (www.trinux.org). It's a CD bootable distribution with security
    related tools. I've not used it, so I can't comment on its suitability
    in this case.
    
    Hope this helps,
    
    Matt
    
    -----Original Message-----
    From: Susan Chan Lee [mailto:susan.leeat_private] 
    Sent: 02 January 2003 11:31
    To: forensicsat_private
    Subject: How to DD NTFS?
    
    Hi - Happy New Year to All. 
    
    We all know how to dd a Ext2,3 Fat filesystems from Linux, but can
    anyone advise how to dd a NTFS partition. My question is 2 fold:
    
    1. From Linux, I am unable to mount the NTFS partitions, so how do I
    know which /dev/hda* is NTFS etc.
    2. If I make a guess and dd /dev/hda4 (which happens to be NTFS), how to
    mount later? As Linux does not recognise NTFS
    3. Any suggestions how to dd NTFS when the system does not have Linux
    installed, nor do you want to install Linux (or any UNIX for that
    matter)
    
    Thanks for any help
    Susan Chan Lee
    
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jan 03 2003 - 18:52:51 PST