disk duplication advice


mark...@gmail.com

Feb 20, 2007, 9:46:25 PM
to Forensic Ideas
Hello,

Thanks for your help in advance. What is the best method for copying
hard drives? I know how to use dd, but if I want to take a hard drive
and copy it without it being a live image, what hardware can I
purchase to duplicate the image (disk duplicator)? Also, what is the
best method for copying an image? Meaning, if I have a suspect hard
drive and I have a Linux system set up for research, do I first
duplicate the image (with whatever suggested hardware from my first
question), then I have to put the newly copied image into a system for
research, or is it at that point that I dd the image to my Linux
research system? My guess would be that at that point after I
duplicate the image I insert the HD into a system and just do the
research on that system.

Again thanks for your help.

mark

Demonic Software

Feb 20, 2007, 10:18:31 PM
to Forens...@googlegroups.com
I am not sure that I understand what you mean about a live image, but
I would recommend obtaining a Live CD distribution of Knoppix. A live
distribution will boot a Linux OS into RAM and not from your disk.
All you need then is the other hard disk, a Blank CD, and a CD Burner.

Link to a Live CD:
http://www.knoppix.org/

Steps would be:
Get Live Distribution
Plug in Hard Disk
Boot the Live CD
Copy Disk A to Disk B

Hope this helps,

Cheers,

-ds

mark...@gmail.com

Feb 20, 2007, 10:32:16 PM
to Forensic Ideas
Thanks for your comment. Basically here is what I am trying to do.
Say I obtain a hard drive for investigation, and I have a system in
the office for conducting research. What method do you suggest I do
to image the drive and conduct forensics on it? I could place the
hard drive in a system and run dd against it to obtain the image on my
research box, or I could use a disk duplicator (which I know nothing
about and need information) on how to do.

Basically I am looking for the best way to copy an image from an
obtained hard drive to a research box for investigation.

Thanks


liusiguang

Mar 11, 2007, 11:32:42 AM
to Forensic Ideas
The best method is the one you are most comfortable with and have the
most experience with. An image is an image is an image. How it is
acquired is not relevant...as long as the method was forensically
sound and the hashes match.

LSG
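
The "hashes match" check mentioned in the reply above, as an added example that is not part of the original thread: a dd acquisition that hashes the source before and after the copy and compares both to the image. The function names, the log format and the `/dev/sdX` device name are assumptions; it expects GNU dd and sha256sum.

```shell
#!/usr/bin/env bash
# Added example: image a source with dd and verify the copy by hash.
# SRC may be a block device (e.g. /dev/sdX, hypothetical) or a regular file.

# Print only the SHA-256 digest of a file or device.
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SRC IMG LOG
# Returns 0 only if the source (before and after) and the image hash identically.
acquire_image() {
    local src=$1 img=$2 log=$3
    local before after copy

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ ! -e "$img" ] || { echo "refusing to overwrite $img" >&2; return 2; }

    before=$(hash_of "$src") || return 2
    # Plain copy without conv=sync, so nothing is padded and sizes stay identical.
    dd if="$src" of="$img" bs=1M status=none || return 2
    copy=$(hash_of "$img") || return 2
    after=$(hash_of "$src") || return 2

    {
        echo "source=$src image=$img"
        echo "source_before=$before"
        echo "image=$copy"
        echo "source_after=$after"
    } >> "$log"

    # Source changed during acquisition: it was not protected from writes.
    [ "$before" = "$after" ] || { echo "SOURCE CHANGED" >> "$log"; return 1; }
    # Image differs from source: the copy is not a faithful duplicate.
    [ "$before" = "$copy" ] || { echo "IMAGE MISMATCH" >> "$log"; return 1; }

    echo "VERIFIED" >> "$log"
    chmod a-w "$img"   # work on copies of the image, not the image itself
    return 0
}
```

A hardware duplicator or any other tool can be checked the same way: hash the source and the copy and compare the two digests.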

dtabone

Mar 13, 2007, 3:22:30 AM
to Forensic Ideas
Mark, may I recommend you have a look at BackTrack 2.0.

The distribution is a LIVE CD which can be used for multiple reasons.
It is the evolution of WHAX and AUDITOR and has a host of digital
forensic tools that you can find by default installed in the programs
start menu.

You can get it here: http://www.remote-exploit.org/backtrack_download.html

Some of the tools are listed below:

# 1.10 Digital Forensics

* 1.10.1 Allin1
* 1.10.2 Autopsy
* 1.10.3 DCFLDD
* 1.10.4 DD_Rescue
* 1.10.5 Foremost
* 1.10.6 Magicrescue
* 1.10.7 Mboxgrep
* 1.10.8 Memfetch
* 1.10.9 Memfetch Find
* 1.10.10 Pasco
* 1.10.11 Rootkithunter
* 1.10.12 Sleuthkit
* 1.10.13 Vinetto

Source: http://backtrack.offensive-security.com/index.php?title=Tools

Good luck!
D.
