|Maintainer:||Paul Rubin, David MacKenzie, Stuart Kemp|
|OS:||Linux, Windows, Mac OS X|
dd, sometimes called GNU dd, is the oldest of the imaging tools currently in use. It is part of the coreutils package. A command line program that has been ported to many operating systems, dd uses a complex series of flags to allow the user to image or write data from and to raw image files.
Here is a common dd command:
dd if=/dev/hda of=mybigfile.img bs=65536 conv=noerror,sync
And a Windows example, using dd.exe:
dd.exe if=\\.\PhysicalDrive0 of=d:\images\PhysicalDrive0.img --md5sum --verifymd5 --md5out=d:\images\PhysicalDrive0.img.md5
Use extreme care when typing the command line for this program. Reversing the if and of flags will cause the computer to erase your evidence!
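One way to guard against the if/of mix-up described above is to wrap dd in a function that refuses any output that is a device or already exists, then verifies the copy. This is an added example, not part of the original page or of coreutils; safe_image is a hypothetical helper name, and the script assumes GNU coreutils (dd, sha256sum, head, wc, cut, tr) and uses a constructed test file in place of a real drive.

```shell
#!/bin/sh
# Added example (not from the original page). safe_image is a hypothetical
# helper; it assumes GNU coreutils (dd, sha256sum, head, wc, cut, tr).

safe_image() {
    src=$1; dst=$2

    # A swapped command line usually names a not-yet-created image as input.
    [ -r "$src" ] || { echo "source not readable: $src" >&2; return 2; }

    # An image is a regular file; never write to a device node.
    if [ -b "$dst" ] || [ -c "$dst" ]; then
        echo "refusing: output $dst is a device" >&2; return 3
    fi

    # Never overwrite anything that already exists.
    if [ -e "$dst" ]; then
        echo "refusing: output $dst already exists" >&2; return 4
    fi

    # Same options as the dd command on this page.
    dd if="$src" of="$dst" bs=65536 conv=noerror,sync || return 5

    # conv=sync pads a short final block with NULs up to bs, so the image may
    # be longer than the source. Compare only the first src_size bytes.
    src_size=$(wc -c < "$src" | tr -d ' ')
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(head -c "$src_size" "$dst" | sha256sum | cut -d' ' -f1)

    [ "$src_hash" = "$img_hash" ] || { echo "hash mismatch" >&2; return 6; }
    echo "$src_hash"
}

# Demo on constructed data: a 100000-byte file stands in for the evidence drive.
demo_dir=$(mktemp -d)
head -c 100000 /dev/zero | tr '\0' 'E' > "$demo_dir/evidence.bin"
safe_image "$demo_dir/evidence.bin" "$demo_dir/evidence.img"   # prints the SHA-256
wc -c < "$demo_dir/evidence.img"                               # 131072 = 2 x 65536
safe_image "$demo_dir/evidence.img" /dev/null                  # refused (exit 3)
rm -rf "$demo_dir"
```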