Focus on Linux
Re: root shell auditing Aug 06 2008 06:16PM
Hari Sekhon (hpsekhon googlemail com) (1 replies)
RE: root shell auditing Aug 06 2008 07:17PM
Christian Lete (clete shellcode com ar) (2 replies)
Re: root shell auditing Aug 06 2008 08:30PM
Gautam R. Singh (gautam singh gmail com)
problems cloning a hard drive with dcfldd Aug 06 2008 08:14PM
DON RAIKES oracle com (3 replies)
Re: problems cloning a hard drive with dcfldd Aug 13 2008 08:25AM
Kosala Atapattu (kosala atapattu gmail com)
Re: problems cloning a hard drive with dcfldd Aug 09 2008 01:40AM
farmerdude (subscribe crazytrain com) (1 replies)
RE: problems cloning a hard drive with dcfldd Aug 11 2008 07:11PM
DON RAIKES ORACLE COM (1 replies)
Farmerdude,

Here are the results of the commands you suggested:

blkid:
/dev/sda1: UUID="D08405CF8405B94C" TYPE="ntfs"
/dev/sda2: UUID="423B-2BDF" TYPE="vfat"

fdisk:

Disk /dev/sda: 40.0 GB, 40007761920 bytes
255 heads, 63 sectors/track, 4864 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x4b36bdea

Device Boot Start End Blocks Id System
/dev/sda1 * 463 4863 35351032+ 7 HPFS/NTFS
/dev/sda2 1 462 3710983+ b W95 FAT32

Partition table entries are not in disk order

While I don't have a usb or firewire drive I can use to clone to directly, I do have an external harddrive enclosure for a laptop drive, so I will be pulling the drive from the laptop and connecting it to my forensics workstation using the enclosure.

I will try cloning the entire drive instead of just the ntfs partition also.

Thanks for the tips.

-----Original Message-----
From: farmerdude [mailto:subscribe (at) crazytrain (dot) com [email concealed]]
Sent: Friday, August 08, 2008 6:40 PM
To: DON.RAIKES (at) ORACLE (dot) COM [email concealed]
Cc: focus-linux
Subject: Re: problems cloning a hard drive with dcfldd

Don,

Can you provide the output of these commands issued from the laptop
system;

fdisk -l

blkid /dev/sda*

Instead of blowing across the network, are you able to attach a firewire
or USB hard drive to the laptop and blow your acquisition file via one
of those ports locally?

Also, based on your dcfldd command, you know that you are acquiring only
the first partition on the physical device, /dev/sda, yes?

If you want the physical device, remove the number from your command.
If you want only the partition continue on with your command then!

Cheers!

farmerdude

http://www.forensicbootcd.com

http://www.onlineforensictraining.com

[ reply ]
RE: problems cloning a hard drive with dcfldd Aug 11 2008 09:47PM
farmerdude (subscribe crazytrain com)
Re: problems cloning a hard drive with dcfldd Aug 07 2008 05:38PM
Dave Hull (dphull trustedsignal com) (2 replies)
Re: problems cloning a hard drive with dcfldd Aug 08 2008 06:21AM
Andreas Ferrari (aferrari stasoft ch)
RE: problems cloning a hard drive with dcfldd Aug 07 2008 06:48PM
DON RAIKES oracle com


 

Privacy Statement
Copyright 2010, SecurityFocus