Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: BarronVonB
New Today: 0
New Yesterday: 1
Overall: 29281

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Final Year Project
 Android devices with PIN screen lock and without USBdebb. on
 Can file creation and modifications on pendrives be found?
 Viewing real MAC times of a timestomped file
 software that can view files in Volume Slack

Computer Forensics World Forums


Pages Served
We received
49799325
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Help with DCFLDD for Windows..
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Help with DCFLDD for Windows..

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Forensic Software and Tools
View previous topic :: View next topic  
Author Message
tweston1
Newbie
Newbie


Joined: Jan 30, 2014
Posts: 4

PostPosted: Fri Jan 31, 2014 10:05 am    Post subject: Help with DCFLDD for Windows.. Reply with quote

Hello everyone. Unfortunately, searching for help with this program in Windows is IMPOSSIBLE.

Everything I find from Google to YouTube is all Linux.

I need to make an image of a CD in my CD-ROM drive, and place it onto my USB drive.

I was able to make one in Linux but, unbeknownst to me, I also deleted all the files on my flash drive, and now that I'm in Windows, it won't let me proceed without formatting.

I tried the command as such:

dcfldd if= e:\ of= f:\

and the response I get is

dcfldd: f:\: Is a directory

Help?!

Thank you!!!
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Fri Jan 31, 2014 1:16 pm    Post subject: Reply with quote

The error is correct, you have to pipe the output to some file on f:\ You cannot just pipe to the drive.

If you are not into Linux, why use a command line tool in Windows? Why not use something like FTK Imager? Or Tableau TIM?
Back to top
View user's profile
tweston1
Newbie
Newbie


Joined: Jan 30, 2014
Posts: 4

PostPosted: Fri Jan 31, 2014 1:24 pm    Post subject: Reply with quote

Well, I have FTK Imager, but my instructor wanted us to use the command line.

But, I actually have Ubuntu in dual boot. I just haven't really messed around with it until today because it seems like the only way to create an image in this manner.

I realized that for Windows I had to download Cygwin in order to be able to use Linux commands..

Sounds silly to me.

Thank you.
Back to top
View user's profile
tweston1
Newbie
Newbie


Joined: Jan 30, 2014
Posts: 4

PostPosted: Fri Jan 31, 2014 1:34 pm    Post subject: Reply with quote

PreferredUser wrote:
The error is correct, you have to pipe the output to some file on f:\ You cannot just pipe to the drive.

If you are not into Linux, why use a command line tool in Windows? Why not use something like FTK Imager? Or Tableau TIM?


Something I forgot to say. I actually used the Windows command line, and I was able to create an image file, but the file is empty...

On Linux, the same simple command produced an entire image of the DVD no sweat. I just couldn't get it over to Windows for analysis with FTK Imager.

This is driving me insane.

How else can I tell dcfldd to make an image of the DVD drive if not by using the DVD-ROM drive letter?
Back to top
View user's profile
PreferredUser
Newbie
Newbie


Joined: Jan 01, 2007
Posts: 1130
Location: USA

PostPosted: Fri Jan 31, 2014 10:57 pm    Post subject: Reply with quote

tweston1 wrote:
Something I forgot to say. I actually used the Windows command line, and I was able to create an image file, but the file is empty...
what kind of file are you ending up with?

tweston1 wrote:
On Linux, the same simple command produced an entire image of the DVD no sweat. I just couldn't get it over to Windows for analysis with FTK Imager.
What kind of file did you produce on Linux? You couldn't copy the file to a USB and then look at it in Windows? Or in your dual-boot scenario you do not know how to read the file from the EXT partition where it is stored from Windows?

tweston1 wrote:
This is driving me insane.

How else can I tell dcfldd to make an image of the DVD drive if not by using the DVD-ROM drive letter?
Your source is OK, although on the linux side using the physical drive is more typical usage of fcfldd. Either way you need to pipe the results to a file like \\hostname\share\imagefile.dd or /attached_storage/folder/imagefile.dd


Several examples:
dcfldd if=/dev/sourcedrive hash=md5,sha256 hashwindow=10G md5log=md5.txt sha256log=sha256.txt \
hashconv=after bs=512 conv=noerror,sync split=10G splitformat=aa of=driveimage.dd



dcfldd if=/dev/sdb1 of=/media/disk/test_image.dd hash=md5,sha1 hashlog=/media/disk/hashlog.txt
Back to top
View user's profile
tweston1
Newbie
Newbie


Joined: Jan 30, 2014
Posts: 4

PostPosted: Sat Feb 01, 2014 3:12 pm    Post subject: Reply with quote

Using the Command Prompt, and adjusting the file paths appropriately, I end up with an image file "test_image.dd. The file is 0 bytes.

I tried specifying a file in the e:\ drive (setup.exe), and it worked. I specified an arbitrary split byte value of 400000, and I ended up with an image file that is 109 KB in size.

It appears that I have the main gist of it down, but I still can't figure out how to create an image of the entire drive and not just one file (setup.exe).

It appears that I don't understand the instructions very well, and even looking at the dcfldd --help doesn't help me figure it out.

Quote:
What kind of file did you produce on Linux? You couldn't copy the file to a USB and then look at it in Windows? Or in your dual-boot scenario you do not know how to read the file from the EXT partition where it is stored from Windows?


Actually, when I performed the task in Linux, Windows would no longer recognize my USB drive without first formatting. So, I was up a creek at that point.

Quote:
Your source is OK, although on the linux side using the physical drive is more typical usage of fcfldd. Either way you need to pipe the results to a file like \\hostname\share\imagefile.dd or /attached_storage/folder/imagefile.dd


Several examples:
dcfldd if=/dev/sourcedrive hash=md5,sha256 hashwindow=10G md5log=md5.txt sha256log=sha256.txt \
hashconv=after bs=512 conv=noerror,sync split=10G splitformat=aa of=driveimage.dd



dcfldd if=/dev/sdb1 of=/media/disk/test_image.dd hash=md5,sha1 hashlog=/media/disk/hashlog.txt


I have tried your examples in Windows, and it just doesn't want to image the entire contents of the disk. I will try these commands in Linux now.

Thank you.
Back to top
View user's profile
athulin
Newbie
Newbie


Joined: Oct 19, 2007
Posts: 237

PostPosted: Sat Feb 01, 2014 6:59 pm    Post subject: Reply with quote

tweston1 wrote:
I have tried your examples in Windows, and it just doesn't want to image the entire contents of the disk. I will try these commands in Linux now.


The example shows that there is a difference in naming between devices and mounted file system. /dev/xxx identifies the 'physical' device, while '/media/whatever' is used to refer to a mounted file system

Hint: The same difference exists in Windows. The volume letters refer to the mounted volumes ... but you don't seem to have found out how the physical/logical drives are referenced in Windows.
(Some other dd for Windows tools translate from volume letter to logical drive name, or can '--list' them for you.)
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Forensic Software and Tools All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.