Re: raw disk access

To: debian-security@lists.debian.org
Cc:
Subject: Re: raw disk access
From: Blars Blarson <blarson@blars.org>
Date: Tue, 7 Jan 2003 19:51:06 -0800
Message-id: <[🔎] 200301080351.h083p5ts009529@monkey.nat.blars.org>
In-reply-to: <[🔎] 1041995302.6379.49.camel@cartman.veeev.net>

In article <[🔎] 1041995302.6379.49.camel@cartman.veeev.net> viv@veeev.com writes:
>	i am looking for forensics tools that can be used in computer
>	crime investigations, and am particularly interesting in a tool
>	that provides raw drive (hard, floppy, CD, DVD, etc.) access in
>	order to create complete and accurate drive images.

Low level tools are no trick at all.  If you are root or root has given
you access (recomended), you can use any normal tools (dd, grep, perl)
on the appropriate /dev/hd* or /dev/sd* .

You can mount the filesystem read-only if you don't want to access
deleted files, etc.

-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden

Reply to:

References:
- raw disk access
  - From: viv <viv@veeev.com>

Prev by Date: Re: raw disk access
Next by Date: Re: raw disk access
Previous by thread: Re: raw disk access
Next by thread: Re: raw disk access
Index(es):
- Date
- Thread