On Mon, Feb 27, 2012 at 1:23 PM, jdd <jdd@dodin.org> wrote:
Le 27/02/2012 15:11, Hans Witvliet a écrit :
It might me a waste of time, as it also copies empty parts of the file system though.
yes, and waste of space
jdd
If you install ewftools from the security repo (or factory if you're brave), there is a command "ewfacquire". http://linux.die.net/man/1/ewfacquire It is basically like dd on steroids, but uses a very different syntax. It has compression built in by design as well internal CRC checksums and an overall hash (md5). It is also smart enough to look for sectors full of nulls and compress them extra well. All that is kept within the image file set. (By default it breaks the image_file down in the 1.4GB chunks. ie. image_chunks.*) Then you can use ewfexport to restore the disk to how it was originally. (ie. ewfexport -t - image_chunks.* > /dev/sda) fyi: this type of image is called an EnCase image or Expert Witness Format (ewf) image. It is widely used by computer forensics professionals. Many consider it more robust than just plain dd, and the compression feature is nice too since it knows its working with disks / sectors. fyi2: ewf does not ignore unused space. It still considers that important, so a tool that ignores freespace could be even more efficient. fyi3: I'm trying to package guymager now. It's a QT front-end instead of CLI and supports more image formats than just ewf. But it may not be in security for a week or two. It has a cool look and feel: http://guymager.sourceforge.net/ Greg -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org