Hi, im trying to image a hdd using netcat. Does anyone know the pipe function to split the image file up into chunks on my FAT target drive?
thank you
Which OS are you running netcat on?
i am running netcat on windows xp. This is the first time ive tried this before. I can get it to copy fine but as my target hdd is FAT its not long before it reaches its max file size without fragmenting the image file
Tooty,
You should consider making use of Google…
http//
http//
This site has instructions on how to use a specific version of dd.exe to fragment the output…
http//
I hope this helps,
H
ah ok ive had a look and things seem to be different from what im trying. i have netcat on target machine and helix gui on my practice suspect machine. So far i type
nc 177.80.0.55 -l -p 8888 > E\myimage
and this starts to copy (i selected the c to copy on the suspect machine using the helix gui)
I thought it would just be a case of adding a pipe function (think they are called this) so that it would just segement the file?
A Netcat transfer works by using a listener and a sender. You can (and normally do) use the same tool on both the listener and the sender, but the syntax is different depending on the role of the systems. The syntax above is a mix of listener and sender, so that's part of the problem.
A listener syntax would be
nc -l -p 8888 > E\myimage
A sender syntax would be
dd <blah> | nc 177.80.0.55 8888
where <blah> is the needed dd options from Harlan's references
and | is the pipe function you mentioned
Hope this helps.
Dennis
I think 'split' is the command you need.
I'm no guru, but I'm sure you can pipe the output of dd through split first and then out via netcat.
I'm sure a guru will be along in a minute though.
I'm sure a guru will be along in a minute though.
I'm no guru, but I could have sworn that the link that I provided to the FAU was exactly what the OP was asking for…otherwise, I haven't found anything that would allow him to split the image file without typing multiple commands (ie, one for each split file).
Oh, well…
From
Use the ‘–chunk’ option with DD to segment output. For example the following command will image a logical volume in 2 GiB segments
dd.exe -v if=\\.\F of=h\filename.img conv=noerror –chunk 2GiB –log –cryptsum md5 –cryptsum sha1 –localwrt
Or, using split
On the your forensic server
nc –v –n –l -s <IPAddr to listen on> –p 8888 | split -b 600m - <ExhibitName>
On the system to be imaged
dd if=/dev/<device> conv=noerror,sync | nc <TargetIP> 8888
Hope this helps,
James