forensic sector by sector copy software

dcfldd

http//dcfldd.sourceforge.net/

Also, SANS SIFT Workstation has many free tools, including imaging tools.

dcfldd

http//dcfldd.sourceforge.net/

Also, SANS SIFT Workstation has many free tools, including imaging tools.

Thank you very much, you know windows based any software?

FTK imager, but I don't think FTK imager creates a sector-by-sector copy of the device the same way dcfldd does. FTK imager can create image files (which are better anyway, but doesn't address your question.)

SANS SIFT can also be run in VMWare Player, so it will also work with Windows.

When you say "sector by sector" are you meaning to say "bit for bit"?

This is the term usually associated with a forensic "whole disc" image.

FTK imager is the probably the best windows based software and it can do DD and E01 format images, as well as a couple others you are never likely to use or need.

Beyond that you are going to need other software to read that image once you've acquired it. What is the end goal here?

See here
http//www.911cd.net/forums//index.php?showtopic=16534
and links within.
dsfok package
dd for windows
all the dd-like tools listed here
http//reboot.pro/topic/15207-why-everything-is-so-dmn-diificult-a-web-quest-for-ddexe/
and datarescue dd
http//www.datarescue.com/photorescue/v3/drdd.htm
are all sector by sector (or byte by byte or bit by bit)

jaclaz

Personally, I copy data QWORD by QWORD.

FTK imager, but I don't think FTK imager creates a sector-by-sector copy of the device the same way dcfldd does.

Why not? What is the difference?

Because FTK Imager is an imaging software, not a duplication software.

FTK Imager is able to copy all the bytes from a drive into files on a destination drive, whereas a duplication software/system such as dd, dcfldd, Solo4, Logicube Quest, Tableau TD3 is also able to duplicate the drive, including unallocated space and making the copy bootable (if the source drive is bootable of course).