Difference between pages "Dd" and "Upcoming events"

From ForensicsWiki
(Difference between pages)
Line 1: Line 1:
{{Infobox_Software |
+
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
  name = dd |
+
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (e.g. Sep, NOT Sept. or September), use two-digit dates (e.g. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event (e.g. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
  maintainer = [[Paul Rubin]], [[David MacKenzie]], [[Stuart Kemp]] |
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions should be noted when known.</i>
  os = {{Linux}}, {{Windows}}, {{Mac OS X}} |
+
  genre = {{Disk imaging}} |
+
  license = {{GPL}} |
+
  website = [ftp://ftp.gnu.org/gnu/coreutils/ ftp.gnu.org/gnu/coreutils/] |
+
}}
+
  
'''dd''', sometimes called '''GNU dd''', is the oldest [[Tools#Disk_Imaging_Tools|imaging tool]] still used. Although it is functional and requires only minimal resources to run, it lacks some of the useful features found in more modern imagers such as [[metadata]] gathering, error correction, piecewise hashing, and a user-friendly interface. dd is a command line program that uses several obscure command line arguments to control the imaging process. Because some of these flags are similar and, if confused, can destroy the source media the examiner is trying to duplicate, users should be careful when running this program. The program generates [[Raw image file|raw image files]] which can be read by many other programs.
+
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all-inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
  
dd is part of the [[GNU Coreutils]] package which in turn has been ported to many [[Operating system|operating systems]].
+
This listing is divided into three sections (described as follows):<br>
 +
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
 +
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
 +
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
  
There are a few forks of dd for forensic purposes including [[dcfldd]], [[sdd]], [[dd_rescue]], [[ddrescue]], [[dccidd]], and a [[Windows|Microsoft Windows]] version that supports reading [[physical memory]].
+
== Calls For Papers ==
 +
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
  
== Example ==
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="30%"|Title
 +
! width="15%"|Due Date
 +
! width="15%"|Notification Date
 +
! width="40%"|Website
 +
|-
 +
|CyberPatterns 2014
 +
|Jan 03, 2014
 +
|Jan 17, 2014
 +
|http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jan 10, 2014
 +
|Mar 14, 2014
 +
|http://acns2014.epfl.ch/callpapers.php
 +
|-
 +
|9th Annual Conference on Digital Forensics, Security and Law
 +
|Jan 15, 2014
 +
|
 +
|http://www.digitalforensics-conference.org/callforpapers.htm
 +
|-
 +
|USENIX Annual Technical Conference
 +
|Jan 28, 2014
 +
|Apr 07, 2014
 +
|https://www.usenix.org/conference/atc14/call-for-papers
 +
|-
 +
|Audio Engineering Society (AES) Conference on Audio Forensics
 +
|Jan 31, 2014
 +
|Mar 15, 2014
 +
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
 +
|-
 +
|DFRWS - USA 2014
 +
|Feb 13, 2014
 +
|Apr 07, 2014
 +
|http://dfrws.org/2014/cfp.shtml
 +
|-
 +
|}
  
Here are two common dd command lines:
+
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
  
'''UNIX/Linux'''
+
== Conferences ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|IFIP WG 11.9 International Conference on Digital Forensics
 +
|Jan 08-10<br>Vienna, Austria
 +
|http://www.ifip119.org/Conferences/
 +
|-
 +
|AAFS 66th Annual Scientific Meeting
 +
|Feb 17-22<br>Seattle, WA, USA
 +
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
 +
|-
 +
|21st Network & Distributed System Security Symposium
 +
|Feb 23-26<br>San Diego, CA, USA
 +
|http://www.internetsociety.org/events/ndss-symposium
 +
|-
 +
|Fourth ACM Conference on Data and Application Security and Privacy 2014
 +
|Mar 03-05<br>San Antonio, TX, USA
 +
|http://www1.it.utsa.edu/codaspy/
 +
|-
 +
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
 +
|Mar 24-25<br>West Lafayette, IN, USA
 +
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
 +
|-
 +
|CyberPatterns 2014
 +
|Apr 11<br>Oxford, United Kingdom
 +
|http://tech.brookes.ac.uk/CyberPatterns2014/
 +
|-
 +
|US Cyber Crime Conference 2014
 +
|Apr 29-May 02<br>Leesburg, VA
 +
|http://www.usacybercrime.com/
 +
|-
 +
|DFRWS-Europe 2014
 +
|May 07-09<br>Amsterdam, Netherlands
 +
|http://dfrws.org/2014eu/index.shtml
 +
|-
 +
|8th International Conference on IT Security Incident Management & IT Forensics
 +
|May 12-14<br>Muenster, Germany
 +
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
 +
|-
 +
|2014 IEEE Symposium on Security and Privacy
 +
|May 16-23<br>Berkeley, CA, USA
 +
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
 +
|-
 +
|9th ADFSL Conference on Digital Forensics, Security and Law
 +
|May 28-29<br>Richmond, VA
 +
|http://www.digitalforensics-conference.org/
 +
|-
 +
|Techno-Security and Forensics Conference
 +
|Jun 01-04<br>Myrtle Beach, SC, USA
 +
|http://www.techsec.com/html/Security%20Conference%202014.html
 +
|-
 +
|Mobile Forensics World
 +
|Jun 01-04<br>Myrtle Beach, SC, USA
 +
|http://www.techsec.com/html/MFC-2014-Spring.html
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jun 10-13<br>Lausanne, Switzerland
 +
|http://acns2014.epfl.ch/
 +
|-
 +
|54th Conference on Audio Forensics
 +
|Jun 12-14<br>London, England
 +
|http://www.aes.org/conferences/54/
 +
|-
 +
|2014 USENIX Annual Technical Conference
 +
|Jun 19-20<br>Philadelphia, PA, USA
 +
|https://www.usenix.org/conference/atc14
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Jun 23-26<br>Atlanta, GA, USA
 +
|http://www.dsn.org/
 +
|-
 +
|Symposium On Usable Privacy and Security (SOUPS) 2014
 +
|Jul 09-11<br>Menlo Park, CA, USA
 +
|http://cups.cs.cmu.edu/soups/2013/
 +
|-
 +
|Black Hat USA 2014
 +
|Aug 02-07<br>Las Vegas, NV, USA
 +
|https://www.blackhat.com
 +
|-
 +
|DFRWS 2014
 +
|Aug 03-06<br>Denver, CO, USA
 +
|http://dfrws.org/2014/index.shtml
 +
|-
 +
|RCFG GMU 2014
 +
|Aug 04-08<br>Fairfax, VA, USA
 +
|http://www.rcfg.org/gmu/
 +
|-
 +
|23rd USENIX Security Symposium
 +
|Aug 20-22<br>San Diego, CA, USA
 +
|https://www.usenix.org/conferences
 +
|-
 +
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
 +
|Oct 06-10<br>Coeur d’Alene, ID, USA
 +
|http://www.leva.org/annual-training-conference/
 +
|-
 +
|}
  
dd if=/dev/hda of=mybigfile.img bs=65536 conv=noerror,sync
+
==See Also==
 
+
* [[Training Courses and Providers]]
'''Windows'''
+
==References==
 
+
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
dd.exe if=\\.\PhysicalDrive0 of=d:\images\PhysicalDrive0.img --md5sum --verifymd5
+
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
--md5out=d:\images\PhysicalDrive0.img.md5
+
* [http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
 
+
== Tips ==
+
With Linux, in addition to
+
dd if=/dev/hda of=mybigfile.img bs=65536 conv=noerror,sync
+
 
+
You can wipe a drive with:
+
dd if=/dev/zero of=/dev/hda bs=4K conv=noerror,sync
+
 
+
For imaging, a useful alternative invocation on Linux or UNIX is:
+
dd if=/dev/hda bs=4K conv=sync,noerror | tee mybigfile.img | md5sum > mybigfile.md5
+
 
+
The above alternate imaging command uses dd to read the hard drive being imaged and outputs the data to tee.  tee saves a copy of the data as your image file and also outputs a copy of the data to md5sum.  md5sum calculates the hash, which gets saved in mybigfile.md5.
+
 
+
For all of the above:
+
if            => input file
+
/dev/hda      => the Linux name of a physical disk.  Mac OS X has its own names.
+
/dev/zero      => on Linux, this is an infinite source of nulls
+
of            => output file
+
mybigfile.img  => The name of the image file you are creating
+
bs            => [[blocksize]]
+
65536          => 64K  (I normally use 4K in Linux.  That is what the Linux kernel uses as a page size.)
+
noerror        => don't die if you have a read error from the source drive
+
sync          => if there is an error, null fill the rest of the block.
+
 
+
In Linux, the blocksize value can have a multiplicative suffix:
+
c =1
+
w =2
+
b =512
+
kB =1000,          K =1024
+
MB =1000*1000,      M =1024*1024
+
GB =1000*1000*1000, G =1024*1024*1024
+
and so on for T, P, E, Z, Y.
+
 
+
Things to know:
+
 
+
Having a bigger blocksize is more efficient, but if you use a 1MB block as an example and have a read error in the first sector, then dd will null fill the entire MB.  Thus you should use as small a blocksize as feasible.
+
 
+
But with Linux, if you go below a 4KB blocksize, you can hit really bad performance issues.  It can be as much as 10x slower to use the default 512-byte block than to use a 4KB block.
+
 
+
Without noerror and sync, you basically don't have a forensic image.  For forensic images they are mandatory.
+
 
+
dd by itself does not hash; that is why the alternate command is provided.
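The tee/md5sum pipeline and the sync null-fill described above, as an added example that is not part of the original wiki page. A constructed 10000-byte file stands in for /dev/hda, and the function names (image_with_hash, hash_of, verify_image, size_of, demo) are hypothetical. It shows that the recorded hash covers dd's padded output rather than the raw source bytes.

```shell
#!/bin/sh
# Added example: the page's dd | tee | md5sum pipeline run against a
# constructed regular file standing in for /dev/hda (no real device is touched).

# image_with_hash SRC IMG BS: image SRC to IMG and store the stream's hash in IMG.md5
image_with_hash() {
    dd if="$1" bs="$3" conv=sync,noerror 2>/dev/null | tee "$2" | md5sum > "$2.md5"
}

# hash_of FILE: print only the MD5 hex digest of FILE
hash_of() {
    md5sum < "$1" | cut -d' ' -f1
}

# verify_image IMG: succeed only if IMG still matches the hash recorded at acquisition.
# The recorded line names its input as "-" (stdin), so the digest field is compared
# directly instead of using md5sum -c.
verify_image() {
    [ "$(hash_of "$1")" = "$(cut -d' ' -f1 "$1.md5")" ]
}

# size_of FILE: print the size of FILE in bytes
size_of() {
    echo $(( $(wc -c < "$1") ))
}

demo() {
    work=$(mktemp -d)
    # Constructed "evidence": 10000 bytes, deliberately not a multiple of the block size
    head -c 10000 /dev/zero | tr '\0' 'E' > "$work/source.bin"
    image_with_hash "$work/source.bin" "$work/image.img" 4096
    echo "source size: $(size_of "$work/source.bin")"
    echo "image size:  $(size_of "$work/image.img")"   # sync pads the short last block
    verify_image "$work/image.img" && echo "image matches recorded hash"
    # The recorded hash is that of dd's padded output, not of the raw source bytes
    [ "$(hash_of "$work/source.bin")" = "$(hash_of "$work/image.img")" ] \
        || echo "source and image hashes differ because of the sync padding"
    rm -rf "$work"
}

demo
```

A whole disk is normally a multiple of the block size, so this padding appears only where a short or failed read occurs.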
+
 
+
== Cautions ==
+
=== Reversing Args can cause evidence erasure ===
+
Use extreme care when typing the command line for this program. Reversing the <tt>if</tt> and <tt>of</tt> flags will cause the computer to erase your evidence!
+
 
+
=== Use extreme caution if reading from a tape drive ===
+
At least with Linux/UNIX, tape drives have functional differences from disks that make them more complex to "image". Specifically, they have EOF and EOT marks on the tape media that have no corresponding functionality on disks.
+
 
+
Most commercial backup software uses EOF separators to allow a single tape to hold multiple backup sessions.
+
 
+
backup1-- EOF -- backup2 -- EOF -- backup3 -- EOT
+
 
+
A simple dd if=/dev/st0 of=image.dd will only preserve the first backup session.
+
 
+
For testing, from Linux you can create a multi-session backup tape via:
+
 
+
mt -f /dev/st0 rewind
+
tar -cf /dev/nst0 /home
+
tar -cf /dev/nst0 /srv
+
 
+
The nst device driver considers the closing of /dev/nst0 to signal the
+
end of a tape file, so it appends an EOF mark after each invocation of
+
tar.
+
 
+
So the tape would have:
+
home_tar_archive -- EOF -- srv_tar_archive -- EOF -- EOT
+
 
+
If you start reading from the start of the tape with either dd or tar,
+
they will stop when the first EOF is hit and thus will only extract the home archive and will miss the srv archive.
+
 
+
== See also ==
+
 
+
* [[aimage]]
+
* [[Blackbag]]
+
* [[dc3dd]]
+
* [[dcfldd]]
+
* [[dd_rescue]]
+
* [[ddrescue]]
+
* [[sdd]]
+
* [[sg_dd]]
+
* [[mdd]]
+
* [[Raw Image Format]]
+
 
+
== External Links ==
+
 
+
* [http://www.linuxjournal.com/article/1320 LinuxJournal article about dd]
+
* [http://users.erols.com/gmgarner/forensics/ Windows Version of dd and other forensics tools]
+

Revision as of 12:56, 17 December 2013

PLEASE READ BEFORE YOU EDIT THE LISTS BELOW
When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (e.g. Sep, NOT Sept. or September), use two-digit dates (e.g. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event (e.g. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some events may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

This is a BY DATE listing of upcoming events relevant to digital forensics. It is not an all-inclusive list, but includes most well-known activities. Some events may duplicate events on the generic conferences page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into three sections (described as follows):

  1. Calls For Papers - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)

  2. Conferences - Conferences relevant for Digital Forensics (Name, Date, Location, URL)

  3. Training Courses and Providers - Training

Calls For Papers

Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.

Title | Due Date | Notification Date | Website
CyberPatterns 2014 | Jan 03, 2014 | Jan 17, 2014 | http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
12th International Conference on Applied Cryptography and Network Security | Jan 10, 2014 | Mar 14, 2014 | http://acns2014.epfl.ch/callpapers.php
9th Annual Conference on Digital Forensics, Security and Law | Jan 15, 2014 | | http://www.digitalforensics-conference.org/callforpapers.htm
USENIX Annual Technical Conference | Jan 28, 2014 | Apr 07, 2014 | https://www.usenix.org/conference/atc14/call-for-papers
Audio Engineering Society (AES) Conference on Audio Forensics | Jan 31, 2014 | Mar 15, 2014 | http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
DFRWS - USA 2014 | Feb 13, 2014 | Apr 07, 2014 | http://dfrws.org/2014/cfp.shtml

See also WikiCFP 'Forensics'

Conferences

Title | Date/Location | Website
IFIP WG 11.9 International Conference on Digital Forensics | Jan 08-10, Vienna, Austria | http://www.ifip119.org/Conferences/
AAFS 66th Annual Scientific Meeting | Feb 17-22, Seattle, WA, USA | http://www.aafs.org/aafs-66th-annual-scientific-meeting
21st Network & Distributed System Security Symposium | Feb 23-26, San Diego, CA, USA | http://www.internetsociety.org/events/ndss-symposium
Fourth ACM Conference on Data and Application Security and Privacy 2014 | Mar 03-05, San Antonio, TX, USA | http://www1.it.utsa.edu/codaspy/
9th International Conference on Cyber Warfare and Security (ICCWS-2014) | Mar 24-25, West Lafayette, IN, USA | http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
CyberPatterns 2014 | Apr 11, Oxford, United Kingdom | http://tech.brookes.ac.uk/CyberPatterns2014/
US Cyber Crime Conference 2014 | Apr 29-May 02, Leesburg, VA | http://www.usacybercrime.com/
DFRWS-Europe 2014 | May 07-09, Amsterdam, Netherlands | http://dfrws.org/2014eu/index.shtml
8th International Conference on IT Security Incident Management & IT Forensics | May 12-14, Muenster, Germany | http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
2014 IEEE Symposium on Security and Privacy | May 16-23, Berkeley, CA, USA | http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
9th ADFSL Conference on Digital Forensics, Security and Law | May 28-29, Richmond, VA | http://www.digitalforensics-conference.org/
Techno-Security and Forensics Conference | Jun 01-04, Myrtle Beach, SC, USA | http://www.techsec.com/html/Security%20Conference%202014.html
Mobile Forensics World | Jun 01-04, Myrtle Beach, SC, USA | http://www.techsec.com/html/MFC-2014-Spring.html
12th International Conference on Applied Cryptography and Network Security | Jun 10-13, Lausanne, Switzerland | http://acns2014.epfl.ch/
54th Conference on Audio Forensics | Jun 12-14, London, England | http://www.aes.org/conferences/54/
2014 USENIX Annual Technical Conference | Jun 19-20, Philadelphia, PA, USA | https://www.usenix.org/conference/atc14
44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks | Jun 23-26, Atlanta, GA, USA | http://www.dsn.org/
Symposium On Usable Privacy and Security (SOUPS) 2014 | Jul 09-11, Menlo Park, CA, USA | http://cups.cs.cmu.edu/soups/2013/
Black Hat USA 2014 | Aug 02-07, Las Vegas, NV, USA | https://www.blackhat.com
DFRWS 2014 | Aug 03-06, Denver, CO, USA | http://dfrws.org/2014/index.shtml
RCFG GMU 2014 | Aug 04-08, Fairfax, VA, USA | http://www.rcfg.org/gmu/
23rd USENIX Security Symposium | Aug 20-22, San Diego, CA, USA | https://www.usenix.org/conferences
25th Annual Conference & Digital Multimedia Evidence Training Symposium | Oct 06-10, Coeur d’Alene, ID, USA | http://www.leva.org/annual-training-conference/

See Also

References