Re: raw disk access

2003-02-10 Thread Peter Cordes
On Mon, Feb 10, 2003 at 08:43:22AM -0500, Phillip Hofmeister wrote: > On Mon, 10 Feb 2003 at 01:24:29PM +0100, Alberto Cortés wrote: > > cp, dd and every command use the system calls, and system calls use > > the drivers, and i am not sure the drivers don't modify "structure". > > dd, cat, etc. do

Re: raw disk access

2003-02-10 Thread Phillip Hofmeister
On Mon, 10 Feb 2003 at 01:24:29PM +0100, Alberto Cortés wrote: > cp, dd and every command use the system calls, and system calls use > the drivers, and i am not sure the drivers don't modify "structure". dd, cat, etc. do modify the structure. One common way I rip an ISO is: cat /dev/cdrom > myfi

Re: raw disk access

2003-02-10 Thread Alberto Cortés
On Sat, 08 Feb 2003, at 23:49 +0100, Christian said: > What about > > cp /dev/sdx /dev/sdy > cp, dd and every command use the system calls, and system calls use the drivers, and i am not sure the drivers don't modify "structure". example: step 1) you read a block of data fro

Re: raw disk access

2003-02-09 Thread Luis Gomez
On Saturday, 8 February 2003 23:49, Christian Storch wrote: > What about > > cp /dev/sdx /dev/sdy > > It works very well on two identical drives - > - perhaps when the second one is larger, too. > You don't need any permissions. The result is really a clone > including partition table! > I used

Re: raw disk access

2003-02-08 Thread Christian Storch
Original Message - > From: "Alberto Cortés" <[EMAIL PROTECTED]> > To: "Debian-security" > Sent: Saturday, February 08, 2003 12:43 PM > Subject: Re: raw disk access > On Tue, 07 Jan 2003, at 19:51 -0800, > Blars said: > > > In art

Re: raw disk access

2003-02-08 Thread Christian Storch
Original Message - > From: "Alberto Cortés" <[EMAIL PROTECTED]> > To: "Debian-security" <[EMAIL PROTECTED]> > Sent: Saturday, February 08, 2003 12:43 PM > Subject: Re: raw disk access > On Tue, 07 Jan 2003, at 19:51 -0800, > Blars said

Re: raw disk access

2003-02-08 Thread Alberto Cortés
On Tue, 07 Jan 2003, at 19:51 -0800, Blars said: > In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: > > i am looking for forensics tools that can be used in computer > > crime investigations, and am particularly interested in a tool > > that provides raw drive (

Re: raw disk access

2003-01-16 Thread Jean-Francois Dive
yes you can :) On Sun, Jan 12, 2003 at 07:50:38PM +0100, Joshua SS Miller wrote: > Just a thought, but could one just use cat? I know that you can write > disk image to a floppy with cat, so why should one not be able to cat > /dev/hda1 > imagefile > > Any ideas? > > Thank you, > > Joshua SS M

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Andreas Kotes
Hi! * Martin Hermanowski <[EMAIL PROTECTED]> [20030116 01:18]: > On Wed, Jan 15, 2003 at 06:26:32PM -0500, Hubert Chan wrote: > > > "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: > > Andreas> patch-int is all of the above combined, for (optional) > > Andreas> compilation into the kerne

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Martin Hermanowski
On Wed, Jan 15, 2003 at 06:26:32PM -0500, Hubert Chan wrote: > > "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: > > [...] > > Andreas> here's how I understand it: > > [...] > > Andreas> patch-int is all of the above combined, for (optional) > Andreas> compilation into the kernel. >

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Hubert Chan
> "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: [...] Andreas> here's how I understand it: [...] Andreas> patch-int is all of the above combined, for (optional) Andreas> compilation into the kernel. That would have been my guess too. BTW, I've also grepped through the cryptoapi a

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Andreas Kotes
Hi! * Hubert Chan <[EMAIL PROTECTED]> [20030115 22:55]: > > "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: > Andreas> have a look at the sourcecode in e.g. > Andreas> > http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-int-2.4.20.1.bz2 > > Thanks. I'll take a look at t

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Hubert Chan
> "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: [...] Andreas> have a look at the sourcecode in e.g. Andreas> http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-int-2.4.20.1.bz2 Thanks. I'll take a look at that. If you don't mind clarifying something for me, what is

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Andreas Kotes
Hi! * Hubert Chan <[EMAIL PROTECTED]> [20030115 21:33]: > > "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: > Andreas> FUD alert! I like loop-AES, too, and would REALLY love general > Andreas> inclusion into Debian kernels, but this doesn't mean the > Andreas> authors of alternatives ar

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Andreas Kotes
Hi! * Hubert Chan <[EMAIL PROTECTED]> [20030115 22:55]: > > "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: > Andreas> have a look at the sourcecode in e.g. > Andreas> >http://www.kernel.org/pub/linux/kernel/people/hvr/testing/patch-int-2.4.20.1.bz2 > > Thanks. I'll take a look at th

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Hubert Chan
> "Andreas" == Andreas Kotes <[EMAIL PROTECTED]> writes: [...] Andreas> FUD alert! I like loop-AES, too, and would REALLY love general Andreas> inclusion into Debian kernels, but this doesn't mean the Andreas> authors of alternatives are/may be idiots. Andreas> Please don't spread Fear, Unce

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Rolf Kutz
* Quoting Hubert Chan ([EMAIL PROTECTED]): > Do the kerneli modules (officially) work with encrypted swap? I know It works for me. > encryption, which may allocate new memory, ad infinitum. loop-AES takes > care of that explicitly, by preallocating memory, but I don't think > cryptoapi/cryptol

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Dale Amon
On Tue, Jan 14, 2003 at 10:08:22PM -0500, Hubert Chan wrote: > > "Rolf" == Rolf Kutz <[EMAIL PROTECTED]> writes: > > Rolf> * Quoting Joshua SS Miller ([EMAIL PROTECTED]): > >> Cryptoswap? Hmm sound like something I was thinking about earlier > >> today. Do you have a good resource for this?

Re: Cryptoswap -- was Re: raw disk access

2003-01-15 Thread Andreas Kotes
Hi! * Hubert Chan <[EMAIL PROTECTED]> [20030115 04:20]: > > "Rolf" == Rolf Kutz <[EMAIL PROTECTED]> writes: > Rolf> * Quoting Joshua SS Miller ([EMAIL PROTECTED]): > >> Cryptoswap? Hmm sound like something I was thinking about earlier > >> today. Do you have a good resource for this? > > Ro

Re: Cryptoswap -- was Re: raw disk access

2003-01-14 Thread Hubert Chan
> "Rolf" == Rolf Kutz <[EMAIL PROTECTED]> writes: Rolf> * Quoting Joshua SS Miller ([EMAIL PROTECTED]): >> Cryptoswap? Hmm sound like something I was thinking about earlier >> today. Do you have a good resource for this? Rolf> http://www.kerneli.org/index.php Do the kerneli modules (offici

Re: Cryptoswap -- was Re: raw disk access

2003-01-14 Thread Rolf Kutz
* Quoting Joshua SS Miller ([EMAIL PROTECTED]): > Cryptoswap? Hmm sound like something I was thinking about earlier > today. Do you have a good resource for this? http://www.kerneli.org/index.php - rk -- Ahahahahaha! Ahahahaha! Aahahaha! BEWARE! Yrs sincerely The Opera Ghost

Cryptoswap -- was Re: raw disk access

2003-01-14 Thread Joshua SS Miller
Cryptoswap? Hmm sound like something I was thinking about earlier today. Do you have a good resource for this? Thank you, Joshua SS Miller On Tue, 2003-01-14 at 16:15, Dale Amon wrote: > On Wed, Jan 08, 2003 at 04:16:58AM +, Andrew Sayers wrote: > > Or search a floppy disk for intelligibl

Re: Cryptoswap -- was Re: raw disk access

2003-01-14 Thread Rolf Kutz
* Quoting Joshua SS Miller ([EMAIL PROTECTED]): > Cryptoswap? Hmm sound like something I was thinking about earlier > today. Do you have a good resource for this? http://www.kerneli.org/index.php - rk -- Ahahahahaha! Ahahahaha! Aahahaha! BEWARE! Yrs sincerely The Opera Ghost -- To UN

Re: raw disk access

2003-01-14 Thread Dale Amon
On Wed, Jan 08, 2003 at 04:16:58AM +, Andrew Sayers wrote: > Or search a floppy disk for intelligible-looking strings: > > strings /dev/fd0 | less Precisely why one should always use cryptoswap. -- -- Nuke bin Laden: Dale Am

Re: raw disk access

2003-01-12 Thread Joshua SS Miller
Just a thought, but could one just use cat? I know that you can write disk image to a floppy with cat, so why should one not be able to cat /dev/hda1 > imagefile Any ideas? Thank you, Joshua SS Miller On Mon, 2003-01-13 at 03:19, Jean-Francois Dive wrote: > already answered but dd | nc (to sen

Re: raw disk access

2003-01-12 Thread Jean-Francois Dive
already answered but dd | nc (to send it to another box) is a classical. Otherwise, some other tools can give you as well memory dumps which may sometimes be very useful. JeF On Tue, Jan 07, 2003 at 10:08:22PM -0500, viv wrote: > Hi. > > As a Debian user, i am posting to this list

Re: raw disk access

2003-01-08 Thread Florian Weimer
viv <[EMAIL PROTECTED]> writes: > i thought originally that dd would work and tried to 'image' > a couple of CDs, but they came out to different sizes although > both were 650MB CDs. The disk sizes differed by about 3 MB, > so i assumed dd was missing something. Imaging 2

RE: raw disk access

2003-01-08 Thread Colin Ellis
or' option. Good Luck :) Colin http://www.solution-city.com -Original Message- From: viv [mailto:[EMAIL PROTECTED] Sent: 08 January 2003 07:19 To: DebianSecurity Cc: Colin Ellis Subject: RE: raw disk access Thanks to all for your quick replies. i thought originall

RE: raw disk access

2003-01-08 Thread viv
evice from start to finish, or does it skip / miss something somewhere? Thanks again. On Wed, 2003-01-08 at 11:29, Colin Ellis wrote: > The best that can be achieved is via 'dd'. > > however it is actually impossible to get _real_ raw disk access due to the &

RE: raw disk access

2003-01-08 Thread Colin Ellis
or' option. Good Luck :) Colin http://www.solution-city.com -Original Message- From: viv [mailto:[EMAIL PROTECTED]] Sent: 08 January 2003 07:19 To: DebianSecurity Cc: Colin Ellis Subject: RE: raw disk access Thanks to all for your quick replies. i thought originall

RE: raw disk access

2003-01-08 Thread Colin Ellis
The best that can be achieved is via 'dd'. however it is actually impossible to get _real_ raw disk access due to the disk IO controllers. As far as I know, all disk IO controllers have automatic data correction etc and so do hard disks. An accurate copy of the surface of the disk

Re: raw disk access

2003-01-07 Thread Andrew Sayers
What you're asking for is trivially available on all Linux systems. Through the "/dev" filesystem, the kernel makes many hardware devices available to ordinary programs. For example, if you had mounted your target disk as the secondary master hard drive, you could create an image of the disk by d

Re: raw disk access

2003-01-07 Thread Blars Blarson
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: > i am looking for forensics tools that can be used in computer > crime investigations, and am particularly interested in a tool > that provides raw drive (hard, floppy, CD, DVD, etc.) access in > order to create comp

Re: raw disk access

2003-01-07 Thread Dale Southard
Is the `dd` command what you are looking for (in combination with /dev/loop?), or is there some requirement that wasn't mentioned in your message? viv <[EMAIL PROTECTED]> writes: > i am looking for forensics tools that can be used in computer > crime investigations, and am particu

Re: raw disk access

2003-01-07 Thread Steve Mickeler
man dd On Tue, 7 Jan 2003, viv wrote: > Hi. > > As a Debian user, i am posting to this list first in the hopes > that what i am looking for can be found as a Debian package. > > i am looking for forensics tools that can be used in computer > crime investigations, an

raw disk access

2003-01-07 Thread viv
Hi. As a Debian user, i am posting to this list first in the hopes that what i am looking for can be found as a Debian package. i am looking for forensics tools that can be used in computer crime investigations, and am particularly interested in a tool
