
Re: raw disk access



What about

cp /dev/sdx /dev/sdy

It works very well on two identical drives - perhaps when the second one is larger, too.
You don't need any permissions. The result is really a clone
including partition table!
I used this from a floppy with a full version of cp.

Christian

> ----- Original Message -----
> From: "Alberto Cortés" <alcortes@coitt.es>
> To: "Debian-security" <debian-security@lists.debian.org>
> Sent: Saturday, February 08, 2003 12:43 PM
> Subject: Re: raw disk access
> On Tue, 07 Jan 2003, at 19:51 -0800,
>  Blars said:
>
> > In article <1041995302.6379.49.camel@cartman.veeev.net> viv@veeev.com writes:
> > > i am looking for forensics tools that can be used in computer
> > > crime investigations, and am particularly interested in a tool
> > > that provides raw drive (hard, floppy, CD, DVD, etc.) access in
> > > order to create complete and accurate drive images.
> >
> > Low level tools are no trick at all.  If you are root or root has given
> > you access (recommended), you can use any normal tools (dd, grep, perl)
> > on the appropriate /dev/hd* or /dev/sd* .
> >
> > You can mount the filesystem read-only if you don't want to access
> > deleted files, etc.
> >
>
> As far as I know, when you do something like:
>
> dd if=/dev/org_dev of=/dev/dest_dev
>
> You are passing through 2 interfaces you don't control, at least you don't
> have direct control of them. I am talking about the drivers of the
> devices, which can do some modifications of the data.
>
> A look at the drivers, driver_open(), driver_close(), driver_read() and
> so on has to be done to fully understand what they are doing with the
> data, not to mention the hardware functionality implemented by the
> hardware, like error checking and other things.
>
> I have never looked at any hard disk driver but I think you will have to
> do it if you want to be sure.
>
> Maybe you can disable some hardware functionality with some IOCTL.
> ...
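Whichever tool does the copying (cp, dd), the practical way to find out whether anything between the platters and the image altered the data is to hash the source device and the image afterwards and compare. The script below is an added example and is not code from anyone in this thread; the file paths are placeholders, the demo uses a regular file as a stand-in for a device, and reading a real device node such as /dev/sdx needs the corresponding permissions.

```sh
#!/bin/sh
# Added example, not from the thread: image a device with dd, then verify
# the copy by hashing source and image. SRC/DST paths are placeholders.

# Print the SHA-256 of a file (falls back to shasum where sha256sum is absent).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_image SRC DST: succeed only if both hash identically.
verify_image() {
    src_hash=$(hash_file "$1")
    dst_hash=$(hash_file "$2")
    printf '%s  %s\n%s  %s\n' "$src_hash" "$1" "$dst_hash" "$2"
    [ "$src_hash" = "$dst_hash" ]
}

# image_device SRC DST: copy sector by sector.
#   conv=noerror  keep going after a read error instead of stopping
#   conv=sync     pad an unreadable block with zeros so later data keeps its
#                 offset (bs=512 so padding only happens for a bad sector,
#                 not because the device size is not a multiple of a large bs)
# A padded block changes the image hash, so verify_image will flag it.
image_device() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync
}

# image_and_verify SRC DST: image, then compare hashes; 0 = verified copy.
image_and_verify() {
    image_device "$1" "$2" || return 2
    verify_image "$1" "$2"
}

# Self-contained demo on a constructed 4-sector "device" (a regular file).
demo() {
    d=$(mktemp -d) || return 3
    head -c 2048 /dev/urandom > "$d/src"
    image_and_verify "$d/src" "$d/src.img"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Keep the printed hash lines with the image: they are what lets anyone later show the image still matches what was read from the drive.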
