Difference between pages "Other Resources" and "AIR"
From Forensics Wiki
(Difference between pages)
m |
|||
| Line 1: | Line 1: | ||
| − | + | AIR (Automated Image and Restore) is a GUI front-end to dd/dcfldd designed for easily creating forensic bit images. | |
| − | + | Features: | |
| − | + | # auto-detection of IDE and SCSI drives, CD-ROMs, and tape drives | |
| + | # choice of using either dd or dcfldd | ||
| + | # image verification between source and copy via MD5 or SHA1/256/384/512 | ||
| + | # image compression/decompression via gzip/bzip2 | ||
| + | # image over a TCP/IP network via netcat/cryptcat | ||
| + | # supports SCSI tape drives | ||
| + | # wiping (zeroing) drives or partitions | ||
| + | # splitting images into multiple segments | ||
| + | # detailed logging with date/times and complete command-line used | ||
Revision as of 19:53, 22 January 2007
AIR (Automated Image and Restore) is a GUI front-end to dd/dcfldd designed for easily creating forensic bit images.
Features:
- auto-detection of IDE and SCSI drives, CD-ROMs, and tape drives
- choice of using either dd or dcfldd
- image verification between source and copy via MD5 or SHA1/256/384/512
- image compression/decompression via gzip/bzip2
- image over a TCP/IP network via netcat/cryptcat
- supports SCSI tape drives
- wiping (zeroing) drives or partitions
- splitting images into multiple segments
- detailed logging with date/times and complete command-line used
