forensic sector by ...
 
Notifications
Clear all

forensic sector by sector copy software

9 Posts
7 Users
0 Likes
871 Views
(@gehlen)
Posts: 35
Eminent Member
Topic starter
 

Hi guys,

I need a free forensic sector by sector copy software… I wait yor advices.
Thank you very much.

 
Posted : 20/02/2013 2:01 am
Bulldawg
(@bulldawg)
Posts: 190
Estimable Member
 

dcfldd

http//dcfldd.sourceforge.net/

Also, SANS SIFT Workstation has many free tools, including imaging tools.

 
Posted : 20/02/2013 2:14 am
(@gehlen)
Posts: 35
Eminent Member
Topic starter
 

dcfldd

http//dcfldd.sourceforge.net/

Also, SANS SIFT Workstation has many free tools, including imaging tools.

Thank you very much, you know windows based any software?

 
Posted : 20/02/2013 2:15 am
Bulldawg
(@bulldawg)
Posts: 190
Estimable Member
 

FTK imager, but I don't think FTK imager creates a sector-by-sector copy of the device the same way dcfldd does. FTK imager can create image files (which are better anyway, but doesn't address your question.)

SANS SIFT can also be run in VMWare Player, so it will also work with Windows.

 
Posted : 20/02/2013 2:59 am
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

When you say "sector by sector" are you meaning to say "bit for bit"?

This is the term usually associated with a forensic "whole disc" image.

FTK imager is the probably the best windows based software and it can do DD and E01 format images, as well as a couple others you are never likely to use or need.

Beyond that you are going to need other software to read that image once you've acquired it. What is the end goal here?

 
Posted : 20/02/2013 5:59 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

See here
http//www.911cd.net/forums//index.php?showtopic=16534
and links within.
dsfok package
dd for windows
all the dd-like tools listed here
http//reboot.pro/topic/15207-why-everything-is-so-dmn-diificult-a-web-quest-for-ddexe/
and datarescue dd
http//www.datarescue.com/photorescue/v3/drdd.htm
are all sector by sector (or byte by byte or bit by bit)

jaclaz

 
Posted : 20/02/2013 8:16 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

Personally, I copy data QWORD by QWORD.

 
Posted : 22/02/2013 1:49 pm
(@athulin)
Posts: 1156
Noble Member
 

FTK imager, but I don't think FTK imager creates a sector-by-sector copy of the device the same way dcfldd does.

Why not? What is the difference?

 
Posted : 22/02/2013 4:59 pm
(@thepm)
Posts: 253
Reputable Member
 

Because FTK Imager is an imaging software, not a duplication software.

FTK Imager is able to copy all the bytes from a drive into files on a destination drive, whereas a duplication software/system such as dd, dcfldd, Solo4, Logicube Quest, Tableau TD3 is also able to duplicate the drive, including unallocated space and making the copy bootable (if the source drive is bootable of course).

 
Posted : 22/02/2013 6:30 pm
Share: