Nov 26 2009

dcfldd: some common useful options

Tag: Informática LegalJoaquim Anguas @ 9:23 pm

I already discussed some of this here some time ago, but to be more explicit…

  • conv=sync,noerror

Don’t stop at errors, if there are errors, add zeros to the result so there are no “holes” left in the resulting image.

  • hashwindow=0 hashlog=file.txt

Calculate hash on the fly for the whole operation to file.txt.

For all this and for optimal BS calculation, see here.

And to learn how to mount the result as a loopback device, see here.


Nov 26 2009

Let it spin…

Tag: Informática LegalJoaquim Anguas @ 8:25 pm

This morning I had an in-court computer forensics action: I had to clone in-court some disks we seized in a search warrant we served some days ago. Easy task: you just need some basic equipment and tools, proceed very carefully and be patient. I started the action with the drive that was the biggest and the one we knew contained most evidences.

I plugged it in… and it wasn’t detected. I double-checked the cabling and stuff: same thing, again and again…

I was turning white-faced and a cold sweat was running down my spine. Then I realized the stupid thing I was missing was…

Continue reading “Let it spin…”