RE: drive integrity check problems

From: Bojan Zdrnja (Bojan.Zdrnjaat_private)
Date: Sun Aug 10 2003 - 13:42:54 PDT


    > -----Original Message-----
    > From: Michael Scott [mailto:arcadiansat_private] 
    > Sent: Sunday, 10 August 2003 2:53 a.m.
    > To: forensicsat_private
    > Subject: drive integrity check problems
    > 
    > 
    > Hi,
    > 
    > A beginning analyst, I need some advice, please.
    > 
    > I have imaged a very old Windows FAT drive (3.7Gb) and tried to verify the
    > original physical drive integrity before imaging in RH Linux 
    > by hashing:
    > 
    > # md5sum /dev/hdd
    
    Have you imaged the drive, or do you have it in your computer? According to the
    line above, you're trying to do a md5sum of a HDD which is live and inside.
    In any case, technically you're able to do this, but be sure not to mount
    any partition of that HDD as the data might change and md5sum is worthless.
    I'd recommend doing a real image (dd) and then calculating md5sum.
    
    > I get an error:  File Input/Output Error some way into the hash calc. Is
    > this indicative of bad sectors ?
    > I also get the same when I do a plain dd image , dd if=/dev/hdd.
    > 
    > By adding conv=noerror I can image the drive, ignoring errors, and this
    > works fine, albeit very slowly.
    
    That's pretty much a sign of a dying HDD.
    
    You can check filesystems with e2fsck, and for bad blocks run the badblocks
    utility. Beware of flags - by default badblocks will do a non-destructive
    read-only test, with -n it will do a non-destructive read-write test.
    
    Regards,
    
    Bojan Zdrnja
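
The advice in this reply (image first, then hash the image) applied to a drive that returns I/O errors, as an added Python example that is not part of the original message. It zero-fills unreadable blocks the way dd's conv=noerror,sync does, so offsets stay aligned, and hashes the image as written; `image_with_errors`, `FlakySource` and the 2048-byte sample disk are constructed for illustration.

```python
import errno
import hashlib
import io


class FlakySource(io.BytesIO):
    """Constructed stand-in for a failing drive: a read that starts
    at a listed offset raises EIO, like /dev/hdd in the thread."""

    def __init__(self, data, bad_offsets):
        super().__init__(data)
        self.bad_offsets = set(bad_offsets)

    def read(self, n=-1):
        if self.tell() in self.bad_offsets:
            raise OSError(errno.EIO, "Input/output error")
        return super().read(n)


def image_with_errors(src, dst, size, block=512):
    """Copy size bytes from src to dst in sector-sized blocks.
    Unreadable blocks become zeros so later offsets stay aligned.
    Returns (md5 of the image as written, unreadable offsets)."""
    md5 = hashlib.md5()
    bad = []
    for offset in range(0, size, block):
        want = min(block, size - offset)
        try:
            src.seek(offset)
            data = src.read(want)
        except OSError as exc:
            if exc.errno != errno.EIO:
                raise  # tolerate media read errors only
            data = b""
            bad.append(offset)  # record for the acquisition notes
        data = data.ljust(want, b"\0")  # zero-fill failed or short reads
        dst.write(data)
        md5.update(data)
    return md5.hexdigest(), bad


def demo():
    # Constructed 2048-byte "drive"; the block at offset 1024 is unreadable.
    disk = bytes(range(256)) * 8
    img = io.BytesIO()
    digest, bad = image_with_errors(FlakySource(disk, [1024]), img, len(disk))
    return disk, img.getvalue(), digest, bad
```

On a real acquisition `src` would be the raw device opened read-only in binary mode; the recorded offsets show which parts of the image are zero fill rather than data read from the disk.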
    
    



    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 12:34:38 PDT