You aren't doing anything wrong, you just don't understand the dd
options that you are using, specifically, noerror and sync. I'm guessing
you found the dd command on some forensic or dd how-to page that didn't
describe the entire process. I will include content from the dd man page
below, but essentially, noerror means that even if dd encounters bad
sectors on the source disk, it will not cause dd to exit with an error
due to bad input. The sync option forces dd to write nulls into the
output file where the bad sectors occurred on the source disk.
So, since your output file has nulls in the places where your source
disk has bad sectors, they will never match up. You could use dcfldd and
hash every megabyte or so to see where the deviations occur in order to
match up what data may have been corrupted.
-jhs
-------------------------------
John H. Sawyer - GCFA GCIH GCFW
UF IT Security Engineer
-------------------------------
<SNIP from dd man>
noerror = Do not stop processing on an input error. When an input error
occurs, a diagnostic message shall be written on standard error,
followed by the current input and output block counts in the same format
as used at completion (see the STDERR section). If the sync conversion
is specified, the missing input shall be replaced with null bytes and
processed normally; otherwise, the input block shall be omitted from the
output.
</SNIP>
Willard Van Dyne wrote:
>
> Hi all.
>
> I'm trying to properly clone a 4.3GB (it's old, I know) hard disk which
> unfortunately has a lot of bad sectors.
> I am using Helix 1.7 as an operating environment, not mounting the old
> drive at all.
> I used the command:
>
> dd if=/dev/hdb of=/mnt/hda7/image.dd conv=noerror,sync
>
> My problem is that the md5 hash of the image file is different from that
> of the original HD (acquired via the command: dd if=/dev/hdb
> conv=noerror,sync | md5sum > /mnt/hda7/orig_disk_md5sum.txt)
>
> Can anyone please enlighten me as to what I'm doing wrong?
>
> Thanks in advance.
