dd in general is a data management tool and was not particularly built for forensics purposes. Therefore it has its shortcomings.
dd can duplicate data across files, devices, partitions and volumes. The data may be input or output to and from any of these; but there are important differences concerning the output when going to a partition. Also, during the transfer, the data can be modified using the conv options to suit the medium.
Found a post for dd commands: https://www.geeksforgeeks.org/dd-command-linux/
dd is a general management tool which is not suitable for forensics use. On the other hand, dcfldd can act as a general management tool, and its new features also support forensics data acquisition.
If you want to overwrite the disk multiple times to prevent anyone from rebuilding the data once you delete it, follow this command.
# dd if=/dev/zero of=/dev/sda1
It will write zeroes on /dev/sda1. Using the /dev/urandom file as your source, one can write a disk filled with random characters:
# dd if=/dev/urandom of=/dev/sda1
Basic dd operations
Suppose you want to create an exact image of an entire disk of data that's been designated as /dev/sda. You've plugged in an empty drive (ideally having the same capacity as your /dev/sda system). The syntax is simple: if= defines the source drive and of= defines the file or location where you want your data saved:
# dd if=/dev/sda of=/dev/sdb
For example:
# dd if=/dev/sda of=/home/username/sdadisk.img
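Plain dd copies the data but records no hash of what it read, which is one of the gaps dcfldd's hashing fills. The following is an added example, not from the original posts: a shell wrapper around the imaging command above that hashes the stream while dd reads it, re-hashes the stored image, and writes an acquisition log. The function name `acquire_image`, the `.log` suffix and the log layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: dd acquisition with the hashing that plain dd lacks.
# acquire_image SRC DST  -> 0 verified, 1 read/verify failure, 2 bad arguments
# (function name, log layout and .log suffix are assumptions of this example)
acquire_image() {
    src=$1
    dst=$2
    log="$dst.log"
    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        return 2
    fi
    if [ -e "$dst" ]; then
        # Never overwrite an existing evidence file.
        echo "refusing to overwrite: $dst" >&2
        return 2
    fi
    # Read the source exactly once. tee writes the image while sha256sum hashes
    # the same byte stream, so the hash describes what dd actually read.
    # dd's exit status is saved to a file because a POSIX pipeline only
    # reports the status of its last command.
    read_hash=$( { dd if="$src" bs=64k 2>"$dst.ddstat"; echo $? >"$dst.ddrc"; } |
        tee "$dst" | sha256sum | cut -d' ' -f1)
    dd_rc=$(cat "$dst.ddrc")
    rm -f "$dst.ddrc"
    # Re-read the image from disk to confirm it was stored intact.
    image_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    chmod a-w "$dst"
    {
        echo "acquired: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source:   $src"
        echo "image:    $dst"
        echo "sha256 (stream read by dd): $read_hash"
        echo "sha256 (image on disk):     $image_hash"
        echo "dd exit status: $dd_rc"
        cat "$dst.ddstat"
    } >"$log"
    rm -f "$dst.ddstat"
    if [ "$dd_rc" -ne 0 ] || [ "$read_hash" != "$image_hash" ]; then
        echo "acquisition FAILED, see $log" >&2
        return 1
    fi
    echo "verified: $image_hash"
}
```

Called as `acquire_image /dev/sda /home/username/sdadisk.img`, it leaves `sdadisk.img.log` beside the image with both hashes and dd's record counts.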