On 2010-02-03 22:07, Greg Freemyer wrote:
FYI: We actually do something closer to

    dd if=/dev/sda of=/evidence_drive/computer_name.img bs=4K conv=noerror,sync

The resulting file is called a dd forensic image and is the basis of many civil and criminal court actions.
If you master typing in the above you have mastered the first step of being a computer forensic examiner. (There are lots of ways to create a forensic image, but the above really is how we do it.)
I do that to analyze and recover damaged filesystems. Interesting the "conv=noerror" thing.
disclaimer: The State of Georgia, USA says that if you use the above command to collect potential evidence for a paying client to use in a court case you have to have a PI license. Same for South Carolina. Why that makes sense I have no idea.
Bet you never saw that disclaimer before!!
Nop :-)
Greg PI license # available upon request :)
What is a PI? I know about the math symbol, though :-p

-- 
Cheers / Saludos,
Carlos E. R. (from 11.2 "Emerald" GM (bombadillo))
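
What conv=noerror,sync changes in the command quoted above, as an added example that is not part of the original thread: a small Python model of the block handling (not dd itself) showing that a failed block is zero-filled so later data keeps its offset. FlakySource, image and demo are hypothetical names, and the 4-block "disk" is constructed.

```python
import io

BS = 4096  # bs=4K, as in the command quoted above

class FlakySource(io.BytesIO):
    """Constructed stand-in for a failing disk: a read touching a bad offset fails."""
    def __init__(self, data, bad_offsets):
        super().__init__(data)
        self.bad_offsets = set(bad_offsets)

    def read(self, n=-1):
        start = self.tell()
        if any(start <= off < start + n for off in self.bad_offsets):
            raise OSError(5, "Input/output error")  # EIO, as a bad sector would give
        return super().read(n)

def image(src, total, bs=BS, sync=True):
    """Model conv=noerror (sync optional); return (image, offsets of failed blocks)."""
    out, failed = bytearray(), []
    for pos in range(0, total, bs):
        src.seek(pos)                       # input advances one block per iteration
        try:
            block = src.read(bs)
        except OSError:
            failed.append(pos)              # noerror: record the error, keep going
            block = b""                     # nothing recovered from this block
        if sync:
            block = block.ljust(bs, b"\0")  # sync: pad each input block to bs with NULs
        out += block
    return bytes(out), failed

def demo():
    # Constructed 4-block "disk": block i is filled with the letter A+i.
    disk = b"".join(bytes([0x41 + i]) * BS for i in range(4))
    bad = [BS + 512]                        # one unreadable spot inside block 1
    aligned, failed = image(FlakySource(disk, bad), len(disk), sync=True)
    shifted, _ = image(FlakySource(disk, bad), len(disk), sync=False)
    return disk, aligned, shifted, failed

if __name__ == "__main__":
    disk, aligned, shifted, failed = demo()
    print("failed block offsets:", failed)
    print("noerror,sync:", len(aligned), "bytes, block 2 at", aligned.find(b"C"))
    print("noerror only:", len(shifted), "bytes, block 2 at", shifted.find(b"C"))
```

The whole 4K block is zero-filled even though only one spot in it was unreadable, so a larger bs loses more data around each bad sector, and a source that is not a multiple of bs comes out padded to the next block boundary.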