Posted: Tue Nov 10, 2009 11:35 am Post subject: Standalone drive cloning software
Hi everyone. Very interesting place here. I have no involvement with computer forensics; I found CFW through web searches for an app that I can use to clone my HDDs. My search was surprisingly fruitless, but it looks like this is the right crowd for my question.
To date, I've been using Acronis software, which I realize does not actually clone drives (i.e. it is not a bit-for-bit copy). This has been fine, but I recently encrypted my drives and this has closed the door on just about every app I can find.
I've read several threads here, and from what I've seen I can say that I don't necessarily need forensic-quality cloning, in the sense that I don't care about hashes or the like. My needs are not forensic -- I just need to be able to create backups of my drives.
The trick of course is that the entire drive is encrypted -- everything but the boot record, obviously -- so I really do need something that will just go out and copy everything it finds. No "helpful" software that tries to analyze what it finds, no compression, etc. Just find a byte, copy a byte, lather, rinse, repeat.
I've followed links from here to FTK software and a few others, and while they look like they would indeed do the job, they're way too expensive for my personal needs (no doubt in part because they also include tons of other features that I don't need).
I run WinXP, but what I really need is a bootable solution that operates independently of the OS. Considering that the OS itself is encrypted, this is actually a necessity. I'm an old-school CP/M / DOS guy, been fiddling with this stuff for 25 odd years, so I'm not at all afraid of Linux or command-line based stuff. I just need something that will work. And I'm certainly not opposed to commercial software (i.e. costs money), just not to the tune of $3,500.
(Freeware / open-source is certainly preferred, of course ...)
Joined: Oct 03, 2007 Posts: 41 Location: On the forum
Posted: Tue Nov 10, 2009 11:27 pm Post subject:
You may also be able to use the 'partimage' command on a Linux distro. This command saves a given partition onto an .img file and you have the option to compress it with gzip or bzip2. You can also set it to break the image file into smaller files, so they can be burned to CDs or DVDs. You can also use the command to restore an image file.
Posted: Tue Nov 17, 2009 10:14 am Post subject: Image
PreferredUser wrote:
dd or any of the variants will make a bit-by-bit copy. Helix, Cain, etc. all include some variant(s) of dd and are bootable.
I agree with PreferredUser, DD will likely be the best bet in your case. I would recommend burning a copy of BartPE with dd on board to provide a way to image it back and forth. DD's command is rather easy to use as well:
Code:
rem copy from drive 1 to drive 2 byte by byte
dd if=\\.\PhysicalDrive0 of=\\.\PhysicalDrive1
rem copy from drive 1 to image file
dd if=\\.\PhysicalDrive0 of="D:\drive1.img"
Posted: Thu Feb 04, 2010 3:23 am Post subject: Hardcopy II
Hardcopy II by VOOM Technologies is an excellent stand alone, bit by bit HDD copy hardware. We own one and it is great. It does more than just copy/clone as well.
Blackegg... _________________ A+
Net+
BDRA
Joined: Jan 01, 2007 Posts: 651 Location: Midwest, USA
Posted: Thu Feb 04, 2010 8:29 am Post subject: Re: Hardcopy II
Blackegg wrote:
Hardcopy II by VOOM Technologies is an excellent stand alone, bit by bit HDD copy hardware. We own one and it is great. It does more than just copy/clone as well.
Blackegg...
Certainly one of many excellent hardware based drive cloning devices, but at over $1K, and based on the OP writing, "(Freeware / open-source is certainly preferred, of course ...)" it may be more than is budgeted.
Joined: Nov 01, 2005 Posts: 292 Location: Marion, Indiana, USA
Posted: Sat Jul 17, 2010 10:02 pm Post subject:
As long as the hash of the copy is the same as the hash from the original, the method used to copy it doesn't matter. All that does matter is that it is an EXACT copy.
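The dd-then-compare-hashes workflow discussed in this thread, as an added example that is not part of any poster's reply. It assumes a Linux live CD with GNU coreutils; the function names are hypothetical and the device paths are whatever you pass in. It hashes only the first size-of-source bytes of the target, because a clone written to a larger drive will never match a hash taken over the whole target.

```shell
#!/bin/sh
# Added example (not from the thread): clone with dd, then verify by hash.

# Byte length of a block device or a regular image file.
src_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# SHA-256 of the first $2 bytes of $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# clone_and_verify SRC DST
# Returns 0 if the copied range of DST hashes identically to SRC,
# 1 on a hash mismatch, 2 if sizing or the copy itself failed.
clone_and_verify() {
    src=$1
    dst=$2
    size=$(src_size "$src") || return 2
    # Plain byte-for-byte copy: no compression, no filesystem parsing,
    # so it does not matter that the contents are encrypted.
    # conv=notrunc leaves anything beyond the copied range of DST alone.
    dd if="$src" of="$dst" bs=1M conv=notrunc 2>/dev/null || return 2
    sync
    [ "$(hash_prefix "$src" "$size")" = "$(hash_prefix "$dst" "$size")" ]
}

# Run as: sh clone.sh SOURCE TARGET   (double-check which one is the target)
if [ "$#" -eq 2 ]; then
    if clone_and_verify "$1" "$2"; then
        echo "verified: copied range of $2 matches $1"
    else
        echo "FAILED: copy error or hash mismatch" >&2
    fi
fi
```

Both hashes are read back from the devices after the copy, so the source must not be mounted or written to in between.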