At Sun, 10 Aug 2003 it looks like Jim Zajkowski composed: > On Saturday, August 9, 2003, at 1:04 PM, Sakaba wrote: > > > I have tried time and time again to make images of my NTFS drives via > > the > > dd command in windows. > > Why do that? I use a FreeBSD "fixit" cd, which has a live FreeBSD > system on the disc. Once there, I use dd and pipe it into ssh and send > it over an ssh pipe to my analysis machine. Works like a charm. > > I do this: > > # ifconfig xl0 inet some.ip.add.ress netmask net.mask.goes.here > # route add -net 0 the.gateway.add.ress > # cd /dev; /dist/dev/MAKEDEV std Hi Jim, I didn't get the reason for the "MAKEDEV std" on the above line. Thanks. > # dd if=/dev/ad0s1 | dd obs=5m | dd obs=5m | gzip -6 | ssh my.machine > "gzcat > image.dd" > > The three dd's on that line set up a buffer stream that allows the > reading dd to not have to stop for network traffic so often. Otherwise > you get a lot of read... pause... read... pause... and that makes it > take 2 or 3 times longer. I'm also gzipping since it's not a local > wire to my analysis machine. > Great email to archive for reference. :) -- |<----------------------"Word-Wrap-At-72-Please"---------------------->| Bill Schoolcraft PO Box 210076 -o) San Francisco CA 94121 /\ "UNIX, A Way Of Life." _\_v ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 17:16:22 PDT