Difference between pages "How to analyse partitions" and "Dd rescue"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m
 
m (added information regarding ddrescue)
 
Line 1: Line 1:
A How-to for dealing with partitions.
+
{{Infobox_Software |
 +
  name = dd_rescure |
 +
  os = {{Linux}}|
 +
  genre = {{Disk imaging}} |
 +
  license = {{GPL}} |
 +
  website = [http://www.garloff.de/kurt/linux/ddrescue/ www.garloff.de/kurt/linux/ddrescue/]
 +
}}
  
[http://www.sleuthkit.org/informer/sleuthkit-informer-12.html Sleuth Kit Informer #12] suggests using the mmls program to display the contents of partitions.
+
'''dd_rescure''', is an an advanced evolution of [[dd]], a command line program that has been ported only for UNIX/Linux. The program uses a complex series of flags to allow the user to image or write data from and to [[raw image file|raw image files]]. Like [[dcfldd]], the program makes an effort to keep the user apprised of the status of the current operation.
  
For example:
+
'''[[ddrescue]]''' and '''dd_rescue''' are completely different programs which share no development between them.  The two projects are not related in any way except that they both attempt to enhance the standard [[dd]] tool and coincidentally chose similar names for their new programs.
  
  # mmls -t dos disk.dd
 
  Slot Start End Length Description
 
  00: ----- 0000000000 0000000000 0000000001 Primary Table (#0)
 
  01: ----- 0000000001 0000000062 0000000062 Unallocated
 
  02: 00:00 0000000063 0002056319 0002056257 Win95 FAT32 (0x0B)
 
  03: 00:01 0002056320 0008209214 0006152895 OpenBSD (0xA6)
 
  04: 00:02 0008209215 0019999727 0011790513 FreeBSD (0xA5)
 
  
You can use mmls to examine the OpenBSD and FreeBSD partitions that are inside the DOS partition:
+
== Sample usage ==
  
  # mmls -t bsd -o 2056321 disk.dd
+
Here is a common dd_rescue command:
  Length Description
+
  00: 02 0000000000 0019999727 0019999728 Unused (0x00)
+
  01: 08 0000000063 0002056319 0002056257 MSDOS (0x08)
+
  02: 00 0002056320 0002260943 0000204624 4.2BSD (0x07)
+
  03: 01 0002260944 0002875823 0000614880 Swap (0x01)
+
  04: 03 0002875824 0003080447 0000204624 4.2BSD (0x07)
+
  05: 04 0003080448 0003233663 0000153216 4.2BSD (0x07)
+
  06: 07 0003233664 0004257791 0001024128 4.2BSD (0x07)
+
  07: 06 0004257792 0008209214 0003951423 4.2BSD (0x07)
+
  08: 09 0008209215 0019984859 0011775645 Unknown (0x0A)
+
  
(Examples from SKI #12)
+
'''UNIX/Linux'''
 +
 
 +
<pre>$ dd_rescue /dev/hda myfile.img</pre>
 +
 
 +
==  Cautions ==
 +
 
 +
Unlike regular [[dd]], dd_rescue does not use the command line arguments <tt>if</tt> or <tt>of</tt>.
 +
 
 +
== See also ==
 +
 
 +
* [[aimage]]
 +
* [[Blackbag]]
 +
* [[dcfldd]]
 +
* [[dd]]
 +
* [[ddrescue]]
 +
* [[sdd]]

Revision as of 15:32, 3 June 2007

dd_rescure
Maintainer: {{{maintainer}}}
OS: Linux
Genre: Disk imaging
License: GPL
Website: www.garloff.de/kurt/linux/ddrescue/

dd_rescure, is an an advanced evolution of dd, a command line program that has been ported only for UNIX/Linux. The program uses a complex series of flags to allow the user to image or write data from and to raw image files. Like dcfldd, the program makes an effort to keep the user apprised of the status of the current operation.

ddrescue and dd_rescue are completely different programs which share no development between them. The two projects are not related in any way except that they both attempt to enhance the standard dd tool and coincidentally chose similar names for their new programs.


Sample usage

Here is a common dd_rescue command:

UNIX/Linux

$ dd_rescue /dev/hda myfile.img

Cautions

Unlike regular dd, dd_rescue does not use the command line arguments if or of.

See also