Raw disk copy?
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Drill the lock out?
Everything makes sense in someone's mind
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Use RIPlinuX http://www.tux.org/pub/people/kent-robotti/looplinux/rip/[^] booted off a CD, mount a network drive and create an image of the disk on the mounted drive?
Richard Green
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
most of your disk imaging products allow boot from a CD through a tool built into the product, usually a Linux or FreeDos boot. There are free products: http://www.techsupportalert.com/best-free-drive-imaging-program.htm[^] I used to use Macrium which has done me well for a couple of years and let me down recently. Still, for what you want it would be good. You backup a full partition to a USB drive from a CD boot, no fuss, no muss. I believe there is also a disk imaging product built into Linux, so Linux boot again, copy to USB. Unfortunately I don't know the command or if it comes on the live CDs.
_________________________ John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others." Shhhhh.... I am not really here. I am a figment of your imagination.... I am still in my cave so this must be an illusion....
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Have you tried using a linux Live CD like knoppix to boot the machine. I think the tool dd (disc to disc) has a sector by sector clone feature. It's quite short on "do you really want to do this" type messages though so double check all your source and destinations before setting it running.
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Have you tried Acronis True Image?
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
I've used DriveImageXML for a long time... It works like charm... And you can use it from the BartPE CDROM... Good luck! :thumbsup:
[www.tamelectromecanica.com] Robots, CNC and PLC machines for grinding and polishing.
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Hi, Any "Live-CD" Linux distro will do. No third party programs required! Netcat[^] is called the network swiss army knife. On the locked machine:
dd if=/dev/hda bs=16065b conv=noerror | netcat < [Workstation IP] > [Workstation Port]
On your workstation:
netcat -l -p [Port] | dd of=/path/to/your/file/or/diskimage bs=16065b
Best Wishes, -David Delaune
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
You do not mention cost, but in case this is an issue Open Source Forensic Tools[^].
Henry Minute Do not read medical books! You could die of a misprint. - Mark Twain Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.”
-
Hi, Any "Live-CD" Linux distro will do. No third party programs required! Netcat[^] is called the network swiss army knife. On the locked machine:
dd if=/dev/hda bs=16065b conv=noerror | netcat < [Workstation IP] > [Workstation Port]
On your workstation:
netcat -l -p [Port] | dd of=/path/to/your/file/or/diskimage bs=16065b
Best Wishes, -David Delaune
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
I believe for Forensic purposes you have to physically copy the drive using a device that does not have write pin (at least with IDE, I don't know about SATA); lock the physical copy in a safe and examine the copy. Otherwise you lose data non-repudiation which is an important concept in forensic analysis.
Need custom software developed? I do custom programming based primarily on MS tools with an emphasis on C# development and consulting. I also do Android Programming as I find it a refreshing break from the MS. "And they, since they Were not the one dead, turned to their affairs" -- Robert Frost
-
DD is a great tool, it's a shame it gets over looked so often though:thumbsdown:
▬▬▬▬▬▬▬▬▬▬▬▬
Lloyd Atkinson wrote:
it's a shame it gets over looked so often
Probably because of
dd if=/dev/hda bs=16065b conv=noerror | netcat < [Workstation IP] > [Workstation Port] netcat -l -p [Port] | dd of=/path/to/your/file/or/diskimage bs=16065bAgh! Reality! My Archnemesis![^]
| FoldWithUs! | sighist | WhoIncludes - Analyzing C++ include file hierarchy -
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
clonezilla live cd ;)
"mostly watching the human race is like watching dogs watch tv ... they see the pictures move but the meaning escapes them"
-
clonezilla live cd ;)
"mostly watching the human race is like watching dogs watch tv ... they see the pictures move but the meaning escapes them"
Second this. Works like a charm, and can save to almost anything, smb, ftp, etc. Very powerful, but not easy mode.
// Steve McLenithan
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
I believe TrueImage will allow you to make a clone to a network or USB hard drive. TrueImage can create a bootable CD that you can be use on the locked system.
Steve _________________ I C(++) therefore I am
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Paragon Hard Disk Manager will boot from CD and allow you to make an exact image of a drive across a network - I've used it myself to do exactly that more than once. Not free though 8)
-
I need to take a machine and do a raw disk image of it (unused sectors and all) for a forensic type investigation if necessary. The problem is, this machine has a locked case, and the key has been lost. It is bootable to a CD or the hard disk. I don't want to install something on the machine itself, in order to prevent tainting the disk. I need to find a way to do a raw disk image of this machine across the network to my server. I have googled and tried several things (Active@, Ultimate Boot CD for windows) but none have worked. Any suggestions out there? Thanks!
Hello, Did you try HDClone from Miray Software? They provide raw disk copying from a bootable CD. http://www.miray.de/products/sat.hdclone.html[^] I use this to copy my system disk to anoder HD. If my system disk fails, I put the other disk in the PC and I have my system up and running again. Good luck, Freddy.
-
DD is a great tool, it's a shame it gets over looked so often though:thumbsdown:
▬▬▬▬▬▬▬▬▬▬▬▬
I second dd. You'll preserve everything in every sector, including license crap that is written into boot track sectors and sectors that are not part of partitions or filesystems. Make sure you use a block size of 1MB or something or you'll need a haircut before it finishes :) The problem with using dd may be finding a tool that can work with the copied image.
patbob