Hi everyone,

I have tried time and time again to make images of my NTFS drives via the dd command in Windows. I use the FIRE CD forensic shell on the Windows box and:

    dd.exe if=\\.\f: | nc.exe <forensic machine IP> <port>

On my Linux box I run:

    nc -l -p <port> | dd of=/home/user/ntfs.dd

That all works fine and it makes and transfers the file, but then I try to add the file in Autopsy and it tells me it's not an NTFS image and consequently doesn't add it.

I tried conv=noerrors and I tried just dumping the file on the Linux box without dd on the of= side. I tried different NTFS partitions of different sizes as well. My Linux box has the NTFS support kernel mod and everything else about Autopsy works fine. Just these NTFS images. I have no probs using dd with Linux partitions at all.

I'd like to find a solution to this because commercial ware like Encase is outrageously expensive and dd is free, making it perfect for my situation.

Thanks,
Sakaba

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
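An added example, not part of the original post: one way to check what actually landed in a file such as /home/user/ntfs.dd before loading it into a forensic tool is to parse its first sector and compare the file size with the size the boot sector declares. The function names are hypothetical, the sample sector is constructed, and the offsets are those of the standard NTFS boot sector layout.

```python
import struct
import sys

SECTOR = 512

def build_sample_boot_sector():
    """Constructed sample: a minimal NTFS-style boot sector, not a real volume."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xeb\x52\x90"               # x86 jump over the parameter block
    bs[3:11] = b"NTFS    "                   # OEM ID, offset 0x03
    struct.pack_into("<H", bs, 11, 512)      # bytes per sector, offset 0x0B
    bs[13] = 8                               # sectors per cluster, offset 0x0D
    struct.pack_into("<Q", bs, 40, 204800)   # total sectors, offset 0x28
    struct.pack_into("<Q", bs, 48, 4)        # $MFT starting cluster, offset 0x30
    bs[510:512] = b"\x55\xaa"                # end-of-sector signature
    return bytes(bs)

def inspect_first_sector(data, image_size=None):
    """Classify the first sector of a raw image; report NTFS geometry if present."""
    if len(data) < SECTOR:
        return {"kind": "truncated"}
    if data[510:512] != b"\x55\xaa":
        return {"kind": "no-boot-signature"}
    if data[3:11] != b"NTFS    ":
        return {"kind": "not-ntfs", "oem_id": data[3:11]}
    bps, = struct.unpack_from("<H", data, 11)
    spc = data[13]
    total, = struct.unpack_from("<Q", data, 40)
    mft, = struct.unpack_from("<Q", data, 48)
    info = {
        "kind": "ntfs", "bytes_per_sector": bps, "sectors_per_cluster": spc,
        "total_sectors": total, "mft_cluster": mft, "declared_bytes": total * bps,
    }
    if image_size is not None:
        # An image shorter than the declared volume size was cut off in transfer.
        info["complete"] = image_size >= total * bps
    return info

if __name__ == "__main__":
    if len(sys.argv) > 1:                    # e.g. python check.py ntfs.dd
        with open(sys.argv[1], "rb") as f:
            first = f.read(SECTOR)
            size = f.seek(0, 2)              # file length in bytes
    else:
        first, size = build_sample_boot_sector(), None
    print(inspect_first_sector(first, size))
```

Hashing the source volume and the received file with the same algorithm and comparing the two digests confirms whether the transfer altered any bytes.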
This archive was generated by hypermail 2b30 : Sun Aug 10 2003 - 06:43:33 PDT