SecurityFocus

Linux, dd, and image file Apr 01 2003 04:31PM
Sabol, Paul (PSABOL mgmmirage com) (6 replies)

Re: Linux, dd, and image file Apr 03 2003 04:31PM
Paul Hoyt Nelson (pnelson thumper lerc nasa gov)

Re: Linux, dd, and image file Apr 02 2003 12:25PM
Jesse Kornblum (jesse kornblum ogn af mil)

Re: Linux, dd, and image file Apr 02 2003 09:02AM
Birger Toedtmann (btoedtmann exp-math uni-essen de)

Re: Linux, dd, and image file Apr 02 2003 06:19AM
Grega Bremec (gregab gbsoft org) (1 replies)

Re: Linux, dd, and image file Apr 02 2003 03:28PM
Brian Carrier (carrier cerias purdue edu) (1 replies)

On Wed, Apr 02, 2003 at 08:19:37AM +0200, Grega Bremec wrote:
> ...and on Tue, Apr 01, 2003 at 08:31:10AM -0800, Sabol, Paul used the keyboard:
> You should check out the partition table using "fdisk -l /dev/hdc",
> then "dd if=/dev/hdc1 ..." if the NTFS partition is the first and/or
> the only one on that disk, or use the corresponding partition number.

Paul,

I agree that you likely grabbed the entire disk instead of the
partitions. I wrote an article in the last Sleuth Kit Informer about
extracting partitions from a disk image using 'dd' and 'fdisk' that
provides more info on doing this on a Linux system.

http://www.sleuthkit.org/informer/sleuthkit-informer-2.html#split
http://sleuthkit.sourceforge.net/informer/sleuthkit-informer-2.html#spli
t

brian

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

[ reply ]

Re: Linux, dd, and image file Apr 02 2003 04:35PM
Volker Tanger (volker tanger discon de)

Re: Linux, dd, and image file Apr 02 2003 04:29AM
crazytrain (subscribe crazytrain com)

Re: Linux, dd, and image file Apr 02 2003 03:30AM
Luis Gomez (lgomez infoemergencias com)