Re: [sleuthkit-users] RE: sleuthkit-users digest, Vol 1 #240 - 8 msgs
From: Seth A. <sa...@im...> - 2005-01-19 22:37:37
On Wed, Jan 19, 2005 at 05:28:54PM -0500, SecMan wrote:
> John Edwards would probably find some value in using the GRAB program.
> Check out the current HELIX bootable Linux disk.
> It makes the process of "grabbing" a partition very easy.

I didn't get the impression that John wanted the tool for himself, as much as a suggestion of how to make the process easier for first-time users (or people who just like to cut and paste commands :).

A quick little:

"dd may be used to dump the data from the disk with a very easy command:
dd if=/dev/sda1 of=~/drive_image bs=8192
-- be sure to replace the /dev/sda1 with the proper device node for your drive and partition desired [see <foo> for details] and ~/drive_image with a suitable filename for the image"

would go a _long_ way to making it easier for users completely unfamiliar with dd.

(I spent years mystified by dd; now, if I were only allowed one shell tool on a desert island, I'd probably take dd with me. :)