I am a newbie to this whole digital forensics world, and am having a problem cloning a hard drive.
Setup:
laptop with 40gb harddrive with 2 partitions. The laptop had/has windows xp on it, but it won't boot any longer.
desktop system running fedora 9 as my forensics lab machine.
fedora livecd containing dcfldd and some other tools.
Situation:
I boot the laptop using the livecd and login no problem.
I can see the hard drive as /dev/sda.
Both systems are connected to my local network.
I want to make a clone of the laptop harddrive so that I can use it to learn some of the forensic tools available like sleuthkit mac-robber etc.
Steps:
on desktop: start netcat in listening mode port 1234
on laptop run:
dcfldd if=/dev/sda1 conv=noerror,sync hash=md5 hashlog=md5.log | nc desktopsystem 1234 -w 3
All seems to be going just fine the netcat connection is made and dcfldd is displaying its progress.
However, at block 98513, I get an error from dcfldd saying:
error:/dev/sda1 input output error
and the whole process stops.
I tried:
$ dcfldd if=/dev/sda1 of=/dev/null conv=noerror,sync
and it processed the entire 34gb without an error.
Any suggestions would be appreciated for how to get this drive cloned.
I am a newbie to this whole digital forensics world, and am having a problem cloning a hard drive.
Setup:
laptop with 40gb harddrive with 2 partitions. The laptop had/has windows xp on it, but it won't boot any longer.
desktop system running fedora 9 as my forensics lab machine.
fedora livecd containing dcfldd and some other tools.
Situation:
I boot the laptop using the livecd and login no problem.
I can see the hard drive as /dev/sda.
Both systems are connected to my local network.
I want to make a clone of the laptop harddrive so that I can use it to learn some of the forensic tools available like sleuthkit mac-robber etc.
Steps:
on desktop: start netcat in listening mode port 1234
on laptop run:
dcfldd if=/dev/sda1 conv=noerror,sync hash=md5 hashlog=md5.log | nc desktopsystem 1234 -w 3
All seems to be going just fine the netcat connection is made and dcfldd is displaying its progress.
However, at block 98513, I get an error from dcfldd saying:
error:/dev/sda1 input output error
and the whole process stops.
I tried:
$ dcfldd if=/dev/sda1 of=/dev/null conv=noerror,sync
and it processed the entire 34gb without an error.
Any suggestions would be appreciated for how to get this drive cloned.
[ reply ]