Re: raw disk access
Just a thought, but could one just use cat? I know that you can write disk image to a floppy with cat, so why should one not be able to cat /dev/hda1 > imagefile Any ideas? Thank you, Joshua SS Miller On Mon, 2003-01-13 at 03:19, Jean-Francois Dive wrote: > already answered but dd | nc (to send it to another box) is a classical. > > Otherwise, some other tools can give you as well memory dumps which may > sometimes be very usefull. > > JeF > > On Tue, Jan 07, 2003 at 10:08:22PM -0500, viv wrote: > > Hi. > > > > As a Debian user, i am posting to this list first in the hopes > > that what i am looking for can be found as a Debian package. > > > > i am looking for forensics tools that can be used in computer > > crime investigations, and am particularly interesting in a tool > > that provides raw drive (hard, floppy, CD, DVD, etc.) access in > > order to create complete and accurate drive images. > > > > If such a tool does not exist within Debian, is anyone aware of > > any application (GPLed, please) that does? Failing that, i am > > willing to write my own tool, if necessary, and would appreciate > > any pointers to good reference material (raw drive access and > > how to work with the images created). > > > > If it helps, i am running with the latest 'unstable' packages. > > > > Many thanks. > > > > -- > > viv <[EMAIL PROTECTED]> > > > > -- > > -> Jean-Francois Dive > --> [EMAIL PROTECTED] > > There is no such thing as randomness. Only order of infinite > complexity. - _The Holographic Universe_, Michael Talbot >
Re: raw disk access
already answered but dd | nc (to send it to another box) is a classical. Otherwise, some other tools can give you as well memory dumps which may sometimes be very usefull. JeF On Tue, Jan 07, 2003 at 10:08:22PM -0500, viv wrote: > Hi. > > As a Debian user, i am posting to this list first in the hopes > that what i am looking for can be found as a Debian package. > > i am looking for forensics tools that can be used in computer > crime investigations, and am particularly interesting in a tool > that provides raw drive (hard, floppy, CD, DVD, etc.) access in > order to create complete and accurate drive images. > > If such a tool does not exist within Debian, is anyone aware of > any application (GPLed, please) that does? Failing that, i am > willing to write my own tool, if necessary, and would appreciate > any pointers to good reference material (raw drive access and > how to work with the images created). > > If it helps, i am running with the latest 'unstable' packages. > > Many thanks. > > -- > viv <[EMAIL PROTECTED]> -- -> Jean-Francois Dive --> [EMAIL PROTECTED] There is no such thing as randomness. Only order of infinite complexity. - _The Holographic Universe_, Michael Talbot pgpUMWwpOlWQX.pgp Description: PGP signature
Re: raw disk access
Just a thought, but could one just use cat? I know that you can write disk image to a floppy with cat, so why should one not be able to cat /dev/hda1 > imagefile Any ideas? Thank you, Joshua SS Miller On Mon, 2003-01-13 at 03:19, Jean-Francois Dive wrote: > already answered but dd | nc (to send it to another box) is a classical. > > Otherwise, some other tools can give you as well memory dumps which may > sometimes be very usefull. > > JeF > > On Tue, Jan 07, 2003 at 10:08:22PM -0500, viv wrote: > > Hi. > > > > As a Debian user, i am posting to this list first in the hopes > > that what i am looking for can be found as a Debian package. > > > > i am looking for forensics tools that can be used in computer > > crime investigations, and am particularly interesting in a tool > > that provides raw drive (hard, floppy, CD, DVD, etc.) access in > > order to create complete and accurate drive images. > > > > If such a tool does not exist within Debian, is anyone aware of > > any application (GPLed, please) that does? Failing that, i am > > willing to write my own tool, if necessary, and would appreciate > > any pointers to good reference material (raw drive access and > > how to work with the images created). > > > > If it helps, i am running with the latest 'unstable' packages. > > > > Many thanks. > > > > -- > > viv <[EMAIL PROTECTED]> > > > > -- > > -> Jean-Francois Dive > --> [EMAIL PROTECTED] > > There is no such thing as randomness. Only order of infinite > complexity. - _The Holographic Universe_, Michael Talbot > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: raw disk access
already answered but dd | nc (to send it to another box) is a classical. Otherwise, some other tools can give you as well memory dumps which may sometimes be very usefull. JeF On Tue, Jan 07, 2003 at 10:08:22PM -0500, viv wrote: > Hi. > > As a Debian user, i am posting to this list first in the hopes > that what i am looking for can be found as a Debian package. > > i am looking for forensics tools that can be used in computer > crime investigations, and am particularly interesting in a tool > that provides raw drive (hard, floppy, CD, DVD, etc.) access in > order to create complete and accurate drive images. > > If such a tool does not exist within Debian, is anyone aware of > any application (GPLed, please) that does? Failing that, i am > willing to write my own tool, if necessary, and would appreciate > any pointers to good reference material (raw drive access and > how to work with the images created). > > If it helps, i am running with the latest 'unstable' packages. > > Many thanks. > > -- > viv <[EMAIL PROTECTED]> -- -> Jean-Francois Dive --> [EMAIL PROTECTED] There is no such thing as randomness. Only order of infinite complexity. - _The Holographic Universe_, Michael Talbot msg08422/pgp0.pgp Description: PGP signature
