dd tool help

A place for general discussion of sleuthkit.org projects or other open source forensics software.

Moderator: carrier

dd tool help

Postby mikeb90 » Fri Oct 17, 2014 6:28 pm

hi guys,
i'm almost a newbie in the forensic world, so please , don't be so strict with me XD
A friend of mine asked me to try to recover some photos from his NTFS drive, i've told him that i'd try to, but with no such that amount of hope (the folders disappeared about a year ago...), however i wanted to try , and i've used the "dd tool" to copy the HD on my drive. My question is this:
i've prompted the following command

dd if= bla_bla_bla of=bla_bla_bla bs=4K

it's running windows XP, is it fine what i've done ? Thanks in advance
Posts: 1
Joined: Fri Oct 17, 2014 6:21 pm

Re: dd tool help

Postby Hoyt » Fri Apr 17, 2015 4:01 am

This is an old post and not the best spot to post it, but I'll toss in a reply in the event it helps someone else...

I'd refer you to Barry Grundy's "The Law Enforcement and Forensic Examiner's Introduction to Linux" beginning on page 56. If you dig into the text further, you'll find more information on alternate imaging tools, such as dc3dd that you might prefer over stock dd. The link to the text is here and Barry's website is here.
Hoyt Harness, CFCE
Posts: 74
Joined: Thu Dec 11, 2014 4:02 am
Location: Little Rock, AR

Return to General

Who is online

Users browsing this forum: No registered users and 1 guest