Difference between pages "Ddrescue" and "Slack"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(New page: {{Expand}} == Definition == In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides. ...)
 
Line 1: Line 1:
{{Infobox_Software |
+
{{Expand}}
  name = ddrescure |
+
  maintainer = [[Antonio Diaz Diaz]]|
+
  os = {{Linux}}|
+
  genre = {{Disk imaging}} |
+
  license = {{GPL}} |
+
  website = [http://www.gnu.org/software/ddrescue/ddrescue.html ddrescue.html] |
+
}}
+
  
'''ddrescue''' is a raw disk imaging tool that "copies data from one file or block device to another, trying hard to rescue data in case of read errors."  The application is developed as part of the GNU project and has written with UNIX/Linux in mind.
+
== Definition ==
 +
In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides.
  
'''ddrescue''' and '''[[dd_rescue]]''' are completely different programs which share no development between them.  The two projects are not related in any way except that they both attempt to enhance the standard [[dd]] tool and coincidentally chose similar names for their new programs.
+
== Slack Types ==
  
From the [[ddrescue]] info pages:
+
=== Ram Slack ===
<blockquote>
+
=== File Slack ===
GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.<br><br>
+
  
Ddrescue does not truncate the output file if not asked to. So, every time you run it on the same output file, it tries to fill in the gaps.<br><br>
 
  
The basic operation of ddrescue is fully automatic. That is, you don't have to wait for an error, stop the program, read the log, run it in reverse mode, etc.<br><br>
+
== External Links ==
 
+
If you use the logfile feature of ddrescue, the data is rescued very efficiently (only the needed blocks are read). Also you can interrupt the rescue at any time and resume it later at the same point.<br><br>
+
 
+
Automatic merging of backups: If you have two or more damaged copies of a file, cdrom, etc, and run ddrescue on all of them, one at a time, with the same output file, you will probably obtain a complete and error-free file. This is so because the probability of having damaged areas at the same places on different input files is very low. Using
+
the logfile, only the needed blocks are read from the second and successive copies.
+
</blockquote>
+
 
+
== Installation ==
+
=== Debian ===
+
The package 'ddrescue' actually is [[dd_rescue]] which is not maintain a recovery log.
+
{{{
+
aptitude install gddrescue
+
}}}
+
 
+
== Examples ==
+
 
+
These two examples are taken directly from the [[ddrescue]] info pages.
+
 
+
Example 1: Rescue an ext2 partition in /dev/hda2 to /dev/hdb2
+
<blockquote>
+
ddrescue -r3 /dev/hda2 /dev/hdb2 logfile<br>
+
e2fsck -v -f /dev/hdb2<br>
+
mount -t ext2 -o ro /dev/hdb2 /mnt<br>
+
</blockquote>
+
 
+
Example 2: Rescue a CD-ROM in /dev/cdrom
+
<blockquote>
+
ddrescue -b 2048 /dev/cdrom cdimage logfile
+
</blockquote>
+
write cdimage to a blank CD-ROM
+
 
+
== Notes ==
+
 
+
As of release 1.4-rc1, it can be compiled directly in [[Cygwin]] [http://en.wikipedia.org/wiki/Out_of_the_box Out of the Box]. Precompiled packages are available in the [http://cygwin.com/packages/ Cygwin distribution]. This makes it usable natively on [[Windows]] systems.
+
 
+
== See also ==
+
 
+
* [[aimage]]
+
* [[Blackbag]]
+
* [[dcfldd]]
+
* [[dd]]
+
* [[dd_rescue]]
+
* [[sdd]]
+

Revision as of 11:05, 15 May 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Definition

In Computer Forensics 'slack' refers to the bytes after the logical end of a file and the end of the cluster wherein the final byte of the valid file resides.

Slack Types

Ram Slack

File Slack

External Links