On Saturday, August 9, 2003, at 1:04 PM, Sakaba wrote: > I have tried time and time again to make images of my NTFS drives via > the > dd command in windows. Why do that? I use a FreeBSD "fixit" cd, which has a live FreeBSD system on the disc. Once there, I use dd and pipe it into ssh and send it over an ssh pipe to my analysis machine. Works like a charm. I do this: # ifconfig xl0 inet some.ip.add.ress netmask net.mask.goes.here # route add -net 0 the.gateway.add.ress # cd /dev; /dist/dev/MAKEDEV std # dd if=/dev/ad0s1 | dd obs=5m | dd obs=5m | gzip -6 | ssh my.machine "gzcat > image.dd" The three dd's on that line set up a buffer stream that allows the reading dd to not have to stop for network traffic so often. Otherwise you get a lot of read... pause... read... pause... and that makes it take 2 or 3 times longer. I'm also gzipping since it's not a local wire to my analysis machine. --Jim -- Jim Zajkowski http://www.jimz.net/pgp-pubkey.asc System Administrator 8A9E 1DDF 944D 83C3 AEAB 8F74 8697 A823 2113 5C53 ITCS Contract Services ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 12:24:38 PDT