Difference between revisions of "Dc3dd"

From ForensicsWiki
m (Comparison to GNU dd: - Added more features)
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Infobox_Software |
 
{{Infobox_Software |
   name = dc3dddd |
+
   name = dc3dd |
 
   maintainer = [[Jesse Kornblum]] |
 
   maintainer = [[Jesse Kornblum]] |
 
   os = {{Linux}}, {{BSD}}, {{Solaris}}, {{Mac OS X}} |
 
   os = {{Linux}}, {{BSD}}, {{Solaris}}, {{Mac OS X}} |
Line 7: Line 7:
 
   website = http://dc3dd.sf.net/ |
 
   website = http://dc3dd.sf.net/ |
 
}}
 
}}
{{expand}}
+
'''dc3dd''' is a patched version of [[dd|GNU dd]] with added features for computer forensics. It was developed at the [[DoD Cyber Crime Center]] by [[Jesse Kornblum]]. The first release, corresponding to Coreutils version 6.9.91, was published on 1 Feb 2008.
'''dc3dd''' is a patched version of [[dd|GNU dd]] with added features for computer forensics. It was developed at the [[DoD Cyber Crime Center]] by [[Jesse Kornblum]]. The first release, corresponding to Coreutils version 6.9.91, is scheduled for 1 Feb 2008.
+
  
 
== Comparison to GNU dd ==
 
== Comparison to GNU dd ==
 
The following features are available in dc3dd that are ''not'' found in [[dd|GNU dd]]:
 
The following features are available in dc3dd that are ''not'' found in [[dd|GNU dd]]:
* On the fly [[hashing]] with multiple algorithms ([[MD5]], [[SHA-1]], [[SHA-256]], and [[SHA-512]]) with variable sized piecewise hashing
+
* On the fly [[hashing]] with multiple algorithms ([[MD5]], [[SHA-1]], [[SHA-256]], and [[SHA-512]]) with variable sized [[piecewise hashing]]
 
* Able to write errors directly to a file
 
* Able to write errors directly to a file
* Combined error log. Groups errors together (e.g. <tt> Had 1,023 'Input/ouput errors' between offsets 512-65536' </tt>)
+
* Combined error log. Groups errors together (e.g. <tt> Had 1,023 'Input/ouput errors' between blocks 17-233' </tt>)
 
* Pattern wiping. Wipe output files with a single hex digit or a text pattern
 
* Pattern wiping. Wipe output files with a single hex digit or a text pattern
 
* Verify mode
 
* Verify mode
 
* Progress reports. See the progress of the operation while it's running
 
* Progress reports. See the progress of the operation while it's running
 
* Split output. Able to split output files into fixed size chunks
 
* Split output. Able to split output files into fixed size chunks
 +
 +
The following changes to GNU dd's behavior were made:
 +
* On a partial read, the whole block is wiped with zeros. This allows for repeatable reads/hashes of a drive with errors.
  
 
== Comparison to dcfldd ==
 
== Comparison to dcfldd ==
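Review bot: in the revised "Combined error log" bullet, the sample message still reads 'Input/ouput errors' and ends with an unmatched quote after 17-233. Since the line is already being changed from offsets to blocks, correct it to 'Input/output errors' and drop the stray trailing quote. The new "partial read" bullet could also say that the blocks which were wiped are the ones listed in the error log, so a reader can tell which zero-filled regions of an image are not source data.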
Line 31: Line 33:
 
* [http://dc3dd.sf.net/ Official web site]
 
* [http://dc3dd.sf.net/ Official web site]
 
* [http://sourceforge.net/projects/dc3dd/ Sourceforge project page]
 
* [http://sourceforge.net/projects/dc3dd/ Sourceforge project page]
 
+
* [http://www.myfixlog.com/fix.php?fid=33 Step by step how-to for dc3dd]
[[Category:Vaporware]]
+

Latest revision as of 08:09, 21 January 2011

dc3dd
Maintainer: Jesse Kornblum
OS: Linux, BSD, Solaris, Mac OS X
Genre: Disk imaging
License: GPL
Website: http://dc3dd.sf.net/

dc3dd is a patched version of GNU dd with added features for computer forensics. It was developed at the DoD Cyber Crime Center by Jesse Kornblum. The first release, corresponding to Coreutils version 6.9.91, was published on 1 Feb 2008.

Comparison to GNU dd

The following features are available in dc3dd that are not found in GNU dd:

  • On-the-fly hashing with multiple algorithms (MD5, SHA-1, SHA-256, and SHA-512) with variable-sized piecewise hashing
  • Able to write errors directly to a file
  • Combined error log. Groups errors together (e.g. Had 1,023 'Input/output errors' between blocks 17-233)
  • Pattern wiping. Wipe output files with a single hex digit or a text pattern
  • Verify mode
  • Progress reports. See the progress of the operation while it's running
  • Split output. Able to split output files into fixed-size chunks

The following changes to GNU dd's behavior were made:

  • On a partial read, the whole block is wiped with zeros. This allows for repeatable reads/hashes of a drive with errors.
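The following Python sketch is an added illustration, not dc3dd source code. It models why wiping the whole block on a partial read gives repeatable hashes, how piecewise hashes localise the damaged regions, and how bad blocks are grouped into ranges. The block size, window size, function names and sample data are assumptions made for the example.

```python
import hashlib

BLOCK, WINDOW = 512, 4 * 512   # assumed block size and piecewise-hash window

def make_reader(data, bad_blocks, partial_len):
    """Constructed flaky source: a bad block returns only its first partial_len bytes."""
    def read(block_no):
        chunk = data[block_no * BLOCK:(block_no + 1) * BLOCK]
        return chunk[:partial_len] if block_no in bad_blocks else chunk
    return read

def image(read, n_blocks, wipe_partial):
    """Image n_blocks; return (total SHA-256, per-window SHA-256 list, bad block numbers)."""
    total, window, pieces, errors = hashlib.sha256(), hashlib.sha256(), [], []
    for n in range(n_blocks):
        chunk = read(n)
        if len(chunk) < BLOCK:                      # partial read
            errors.append(n)
            kept = b"" if wipe_partial else chunk   # wipe: discard whatever was read
            chunk = kept + b"\x00" * (BLOCK - len(kept))
        total.update(chunk)
        window.update(chunk)
        if (n + 1) * BLOCK % WINDOW == 0 or n == n_blocks - 1:
            pieces.append(window.hexdigest())       # close this hash window
            window = hashlib.sha256()
    return total.hexdigest(), pieces, errors

def group(errors):
    """Collapse consecutive bad block numbers into (first, last) ranges."""
    ranges = []
    for n in errors:
        if ranges and n == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], n)
        else:
            ranges.append((n, n))
    return ranges

DATA = bytes(range(256)) * 2 * 16   # constructed 16-block source
BAD = {5, 6, 9}                     # constructed bad block numbers

def two_passes(wipe_partial):
    """Image twice; the drive gives up a different amount of each bad block per pass."""
    return (image(make_reader(DATA, BAD, 100), 16, wipe_partial),
            image(make_reader(DATA, BAD, 37), 16, wipe_partial))

if __name__ == "__main__":
    for wipe in (False, True):
        a, b = two_passes(wipe)
        print("wipe" if wipe else "keep", "repeatable:", a[0] == b[0], group(a[2]))
```

When the partial bytes are kept, the two passes hash differently because the drive returned a different amount of each bad block. When the block is wiped, both passes agree, and only the hash windows that contain a bad block differ from a clean read.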

Comparison to dcfldd

Although there are definitely similarities between dc3dd and dcfldd, the programs are based on slightly different code bases and have different feature sets. dcfldd is a fork of GNU dd, whereas dc3dd is a patch to the current version. This means that dc3dd will be updated every time GNU dd is updated, whereas dcfldd has its own release schedule. Certain features added to GNU dd after dcfldd forked, such as direct input/output mode, are not found in dcfldd.

On the other hand, dcfldd supports more hashing algorithms than dc3dd, allows the user greater control over how hashes are displayed, supports wiping output files with random patterns, and is supported on the Cygwin platform.

See Also

External Links