Hi. I am a Computer Forensics student at Century College in MN. I am reviewing some things in preparation of finals for the semester and so have been making images and all that fun stuff. I was hoping I could get a little advice on a small issue; Using the windows ver. of dd I am using the following command to image a flash drive (G)
dd.exe if=\\.\G of=c\images\Usbdrive1.img –md5sum –verifymd5
–md5out=c\images\Usbdrive1.img.md5.txt
The output of the md5out gives the md5 but the verify only shows on the command window. I have tried to use a ">", with and without echo, to capture the verify in a text but it's either not possible or my syntax is wrong
(more likely Razz ).
So, basically my question is this; Can someone hook me up with the syntax to capture the DD md5 verify (and the hash itself) dialog into a text?
So, is my question dumb (GIYF?), unclear, or just boring? Some sort of response would be greatly appreciated. Thanks!
Maybe it would help if you could be a little bit more specific about what you did…for example, it appears that you're trying to capture the output of the "–verifymd5" command, which goes to the command window, into a file…correct?
If that's the case, you mention
"…I have tried to use a ">", with and without echo, to capture the verify in a text but it's either not possible or my syntax is wrong…"
Can you show the syntax you used? Maybe someone can replicate it and develop a solution…
Greetings,
An alternative approach - use dcfldd. It has options for redirecting all of the various outputs. Here's an example dcfldd command we've used
dcfldd \
if=/dev/disk1 \ # Input from /dev/disk1
of=/mnt/T1NTFS/target1-full.img \ # One output to an external drive
of=/mnt/T1EXT3/target1-full.img \ # A second image
conv=sync,noerror \ # Handle disk errors
hash=sha256 \ # Do a sha1 hash
hashlog="tee /mnt/T1NTFS/target1-full.hash" \ # Hash to screen and file
errlog=/mnt/T1NTFS/target1-full.errlog # Error log to disk.
That doesn't help you with your dd problem I realize, but may give you another option.
-David
Thanks so much for responding guys! I figured it out so I guess I kind of jumped the gun on my cry for help (pretty typical of me, heh) I lurk here often (and on Keydet's blog) and I have learned a ton because of guys like you two.
-Sleepy
For the benefit of a fellow new guy, can you explain what was wrong and how you fixed it?
KP