What about cp /dev/sdx /dev/sdy
It works very well on two identical drives - - perhaps when the second one is larger, too. You don't need any permissions. The result is really a clone including partition table! I used this from a floppy with a full version of cp. Christian > ----- Original Message ----- > From: "Alberto Cortés" <[EMAIL PROTECTED]> > To: "Debian-security" <debian-security@lists.debian.org> > Sent: Saturday, February 08, 2003 12:43 PM > Subject: Re: raw disk access > El mar, 07 de ene de 2003, a las 19:51 -0800, > Blars decía que: > > > In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: > > > i am looking for forensics tools that can be used in computer > > > crime investigations, and am particularly interesting in a tool > > > that provides raw drive (hard, floppy, CD, DVD, etc.) access in > > > order to create complete and accurate drive images. > > > > Low level tools are no trick at all. If you are root or root has given > > you access (recomended), you can use any normal tools (dd, grep, perl) > > on the appropriate /dev/hd* or /dev/sd* . > > > > You can mount the filesystem read-only if you don't want to access > > deleted files, etc. > > > > As far as i know, when u do something like: > > dd if=/dev/org_dev of=/dev/dest_dev > > You are pasing through 2 interfaces u don't control, at least u don't > have direct control of them. I am talking about the drivers of the > devices, which can do some modifications of the data. > > A look to the drivers, driver_open() driver_close(), driver_read() and > so on has to be done to fully understand what they are doing with the > data, not to mention the hardware functionality implemented by the > hardware, like error checking and other things. > > I have never look at any hard disk driver but i think u will have to > do it if u want to be sure. > > Maybe u can disable some hardware functionality with some IOCTL. > ...
