Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

making a disk image?

0 views
Skip to first unread message

yoc...@plu.edu

unread,
Nov 6, 2001, 11:12:45 AM11/6/01
to
Okay, I would like to make a disk image of all the contents of a
partition or drive.. I know this can be done with dd... how? can anyone
provide an example?

I want to save the entire contents of a drive to a file disk.img

Thanks!
Nate

me

unread,
Nov 6, 2001, 2:39:20 PM11/6/01
to
yoc...@plu.edu wrote:

try this script i use. if it's not to be a bootable disk, comment out
the installboot command. you may need to hack up the SLICES
a bit to suite your environment.

bud

cp_disk

yoc...@plu.edu

unread,
Nov 12, 2001, 10:42:20 AM11/12/01
to
This is a great tool, I will definetly hold onto it; however, my fault
for not being more specific. I want to make an image of a particular
slice (or full disk) and save it as a binary file. Similar to making an
ISO of a cd, but of a harddrive... specifically so I can mount it via a
loopback device somewhere else and examine the contents (I am doing
forensic analysis).

Any ideas?

Thanks!

do...@59.usenet.us.com

unread,
Nov 12, 2001, 2:58:32 PM11/12/01
to
yoc...@plu.edu wrote:
: This is a great tool, I will definetly hold onto it; however, my fault
: for not being more specific. I want to make an image of a particular
: slice (or full disk) and save it as a binary file. Similar to making an
: ISO of a cd, but of a harddrive...

If you want an image of a filesystem, do you want to use mkisofs?
This would give you one file containing all of the files from your
filesystem. You may be able to mount it. You can certainly retrieve some
files from it.

mkisofs is part of the cdrtools package at
ftp://ftp.fokus.gmd.de/pub/unix/cdrecord
ignore the mkisofs and cdrecord packages there. The newest are bundled
into cdrtools and not maintained separately.
--
---
Clarence A Dold - do...@email.rahul.net
- Pope Valley (Napa County) CA.

Logan Shaw

unread,
Nov 12, 2001, 7:56:10 PM11/12/01
to
In article <3BEFEDDC...@plu.edu>, <yoc...@plu.edu> wrote:
>I want to make an image of a particular
>slice (or full disk) and save it as a binary file. Similar to making an
>ISO of a cd, but of a harddrive... specifically so I can mount it via a
>loopback device somewhere else and examine the contents (I am doing
>forensic analysis).

Just do "dd" from the device into some file. Here's an example:

# dev=`mount | awk '$1 == "/" { print $3 }'`
# echo $dev
/dev/dsk/c2t0d0s0
# dd if=$dev of=root.image bs=64k
# lofiadm -a `pwd`/root.image
/dev/lofi/1
# mount /dev/lofi/1 /mnt
# df -k /mnt
Filesystem kbytes used avail capacity Mounted on
/dev/lofi/1 673802 468318 144842 77% /mnt
#

It's better to use the raw device when copying, but either will work.

Of course, when you do this, you don't want to be running off the
system that has been compromised (assuming that's why you're trying to
do forensic analysis). You want to boot off CD-ROM or something. So
that example is just for illustration.

And you want to send that image to some non-local disk too, so you
might do something like this:

dd if=/dev/rdsk/c0d0p0s0 ibs=64k |
rsh otherhost dd ibs=1k of=root.image obs=64k

In order to be able to mount the image, you'll want to do separate
"dd"s for each slice. Of course, you have to assume that the partition
table isn't corrupted if you do this...

- Logan
--
"In order to be prepared to hope in what does not deceive,
we must first lose hope in everything that deceives."

Georges Bernanos

0 new messages