RE: Forensic images using dd

From: Steve Larson (stevialarsonat_private)
Date: Fri Aug 15 2003 - 10:02:33 PDT

    This method seems very workable.  However, how do you get the
    inter-partition gap data?
    
    -----Original Message-----
    From: Mario Horvat [mailto:mariohat_private]
    Sent: Friday, August 15, 2003 1:48 AM
    To: forensicsat_private
    Subject: Forensic images using dd
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    
    Hi,
    
    in regards to the recent discussion about using dd to make forensic images,
    I would like to point out a link to a fairly comprehensive howto, it covers
    dd(ing) disks partition by partition as to make an exact clone of the disk
    both locally and via the network using different methods (Linux). The
    procedure would be almost identical for NTFS partitions. Might find it
    useful.
    
    http://sentinelsecurity.net/whitepapers/diskcloning.pdf
    
    Regards,
    
    - --
    Mario Horvat
    Sentinel Data Security
    T +613 9640 0090
    F +613 9640 0224
    M 0412 085 429
    http://sentinelsecurity.net
    Key: 0x06F54041[pgp.mit.edu]
    - --
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    
    iD8DBQE/PJ4xOzKrRgb1QEERAuFnAJ9/P1Snx3V4x8ZrbXTrNArpKlPOWgCfcm0G
    ekj4r2k9+VXB+/y9Y+gmjKQ=
    =ZvEb
    -----END PGP SIGNATURE-----
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Sun Aug 17 2003 - 17:47:11 PDT
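
Added example, not part of either post or of the linked howto: the inter-partition gaps the reply asks about are the sector ranges that no partition-table entry covers, and they can be computed from the MBR and imaged with dd's skip/count. The sample MBR, the 8192-sector disk size, /dev/sdX and the gapN.dd names are constructed for illustration; only the four primary MBR entries are read (no GPT, no walk of logical partitions inside an extended partition).

```python
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Return sorted (start_lba, sector_count, type) for the primary MBR entries in use."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]                                  # partition type byte
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype != 0 and count != 0:
            parts.append((start, count, ptype))
    return sorted(parts)

def unallocated_ranges(parts, disk_sectors):
    """(start_lba, count) ranges covered by no entry, including sector 0 (the MBR itself)."""
    gaps, cursor = [], 0
    for start, count, _ in parts:
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + count)   # max() tolerates overlapping entries
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps

def dd_commands(gaps, device="/dev/sdX", prefix="gap"):
    """One dd invocation per gap; skip and count are in units of bs (one sector)."""
    return [f"dd if={device} of={prefix}{n}.dd bs={SECTOR} skip={s} count={c} conv=noerror,sync"
            for n, (s, c) in enumerate(gaps)]

def build_sample_mbr():
    """Constructed sample: two partitions with slack before, between and after them."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, count) in enumerate([(0x83, 63, 1000), (0x07, 2048, 4096)]):
        # status, 3 CHS bytes (zeroed), type, 3 CHS bytes (zeroed), LBA start, count
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, 0x00, ptype, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for cmd in dd_commands(unallocated_ranges(parts, 8192)):
        print(cmd)
```

The sum of partition sectors and gap sectors should equal the device's total sector count; a mismatch means some range was neither imaged as a partition nor as a gap.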