Which expert options to choose for exact image (Real Exact)
A partition and disk imaging/cloning program
Brought to you by:
steven_shiau
Menu
▾
▴
Hello,
First of all, I would like to thank you for your work. This tool is extremely valuable for me and for the community. I have always been searching for such a tool and finally found it. You guys definitely deserve applauds.
I would like to take bit-to-bit image of the internal hard drive of my computer for archival purposes. I want to get an image that gives me 100% confidence so that when I restore the image back to the original internal hard drive, I will a have working system without any errors whatsoever.
The disk is 120 gb ssd and includes windows and ubuntu operating systems with NTFS and EXT4 partitions and grub loader.
From the sources related to clonezilla i.e. forum and faq, I see that some expert options must be altered to make sure the drive will not fail to boot after image restoration. This means Clonezilla modifies or reintalls the mbr, grub loader or sensitive information alike from the source drive somehow, that the target drive becomes unbootable after the image is restored. I definitely don't want that.
Therefore, I strictly want the clonezilla to capture the mbr, partition table, grub loader, file system geometry and even the file system metadata etc. as they were on the source disk without ANY MODIFICATION. And I want Clonezilla to restore those back to the hard drive (from the image) without ANY MODIFICATION as well. I don't want Clonezilla to modify, reinstall, resize, any functional bits or blocks through out saving and restoration process. I want them to stay intact.
You can understand that, I am trying to get a near forensic image. Only difference is that the image should not include unused bytes. I would like to freeze every functional bit of my hard drive in optimum working condition and be able to revert every bit back to the working condition whenever I want.
Is this possible using Clonezilla ? If it is, which expert parameters I should choose during saving and restoration of the image ?
Also, through the articles I read (i.e. pitfalls of mounting file systems, forensic_live_CD_issues)
I am aware that the debian based live cds mounts the filesystems during the boot process without any confirmation from the user. Mounting can cause following unwanted modifications on the internal hard drive such as:
-recovery of dirty file systems
-orphan inode deletion
-swap space activation
-RAID, LVM activation
-root file system spoofing due to Casper script
Is there any precautions taken in clonezilla live cd that the internal hard drive is not modified during the boot process.
Thank you
When you use the expert mode of Clonezilla you have the option to choose which clone program it will use to save the disk image. You can select the following option:
The dd command is the slowest option to create an image, but it uses a block-by-block copy to create the image, reading all of the source diskdrive from the first sector to the last sector. Apperently the image is still compressed, so unused bytes shouldn't be a problem. I just did a test using a virtual machine with a 8GB virtual diskdrive containing no data (just an empty NTFS filesystem), which created an image of about 300MB. I also restored the image as a test. You don't have to use expert mode to restore the image. Clonezilla apperently detects how the image was created and uses the dd mode automatically to restore it.
I hope this helps.
Last edit: Arthur Tromp 2017-09-12
Regarding your last question, I'm not sure if the diskdrive to be imaged is mounted when using the dd mode. It shouldn't be necessary since dd just reads the disk block-by-block regardless of the filesystem it contains, so I'm pretty sure it doesn't.
Thank you for your reply. But, it does not fully solve my problem.
Here I should emphasize that I am currently using SSD. Yes, using the option "only dd" will create smaller image. However when I restore that image back to the drive, the image will be decompressed and the drive will be written full 120 GB again. Doing that each time will severely wear out SSD in the long run.
I only want functional portion of that 120 gb to be captured and written back which will atmost be around 15 GB in a virgin system.
If I reiterate what I want from the clonezilla:
During the image capture process,
when clonezilla starts reading and copying from the source drive (internal hard drive), the sectors containing mbr, partition table and other sensitive information must be copied exactly using dd,
when clonezilla reaches to any of the file systems, it should exactly copy file system metadata, but copy used blocks only inside the file system. (corresponding to the files stored in the file system)
When that image is restored,
Which expert options I must select to do this in image capture and restoration process ?
For example, if I leave expert options as they are, -g auto option is checked by default and it will make clonezilla reinstall the grub and therefore modify the MBR. I dont want that. As another example, e1 auto option will adjust the file system geometry, I dont want that too.
I'm asking you beacuse I do not have a full grasp of what those option are doing behind the scenes.
Regarding my other question,
I tried to ask you that If the clonezilla live cd mounts the internal hard drive during the boot process of the clonezilla live.
In the articles that I brought here, it is shown that in debian based live cds, the internal hard drive will be mounted during the boot process, although it seems it is not mounted when checked after the boot process. Mounting the hard drive will modify the internal hard drive's access times. Is there any precation in the Clonezilla live cd to prevent that.
Regards