Greetings! On Sun, 10 Aug 2003 02:04:34 +0900 "Sakaba" <Sakabaat_private> wrote: > dd.exe if=\\.\f: |nc.exe <forensic machine IP> <port> I am not sure, but I don't think that the IF= parameter does give a proper representation of the binary partition. I'd suggest booting from a linux CD or disk like Knoppix or TRBT and start from there. Solves the problem of locked files/parts when booting Windows, too. > I have no probs using dd with linux partitions at all. Windows partitions or complete multiboot disks work like a charm for me (e.g. as documented in http://wyae.de/docs/img_dd.php) - as long as there are no defective blocks on neither source nor destination media. So I guess the IF=<DosDriveLetter> parameter is the guilty one here. Bye Volker Tanger ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 12:25:33 PDT