|−|(From the dcfldd documentation at http: //dcfldd.sourceforge.net/) |+|
| || |
|−|'''dcfldd''' is an enhanced version of [[ GNU]] dd with features useful for forensics and security. Based on the dd program found in the GNU Coreutils package, dcfldd has the following additional features: |+|
the the ,
| || |
|−|* Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity. |+|
|−|* Status output - dcfldd can update the user of its progress in terms of the amount of data transferred and how much longer operation will take. |+|
|−|* Flexible disk wipes - dcfldd can be used to wipe disks quickly and with a known pattern if desired. |+|
Image/ wipe Verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern. |+|
|−|* Multiple outputs - dcfldd can output to multiple files or disks at the same time. |+|
|−|* Split output - dcfldd can split output to multiple files with more configurability than the split command. |+|
|−|* Piped output and logs - dcfldd can send all its log data and output to commands as well as files natively. |+|
Revision as of 13:36, 25 March 2006
dcfldd is an enhanced version of GNU dd. It has some useful features for forensic investigators:
- On-the-fly hashing of the transmitted data.
- Progress bar of how much data has already been sent.
- Wiping of disks with known patterns.
- Verification that the image is identical to the original drive, bit-for-bit.
- Simultaneous output to more than one file/disk is possible.
- The output can be splitted into multiple files.
- Logs and data can be piped into external applications.