PaulDotCom mailing list archives
Anti-forensic tools
From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Thu, 2 Jul 2009 16:27:09 +0100
dd won't write more data than is provided by the source file, so if your file is 100k in size then it will write 100k to the disk. Check out the skip option for dd. You need to loop dd so that write one copy of the image after another. Here's some pseudo code: for (i = 0; i < SIZE_OF_DISK/SIZE_OF_FILE; i++) { dd if=lemonparty.jpg of=\\.\f: skip=i bs=SIZE_OF_IMAGE_FILE } Beware of leaving data in slack space! Jim 2009/7/2 Adrian Crenshaw <irongeek at irongeek.com>
Yep, apparently it does. It will be a pain in the butt to test them all, I'd have to: 1. zero out a drive. 2. Install Windows. 3. run the app in incognito mode. 4. dump the drive. 5. data carve it to see if anything is there. As a side note, anyone good out there with dd? I'd like to repeat the same file over and over againd to a block device. for example, I try: dd if=lemonparty.jpg of=\\.\f: bs=512 it only seems to put the file there once, not over the whole drive. I played with the count, but that only seems to deal with the bs (block size) _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090702/fa785ba2/attachment.htm
Current thread:
- Anti-forensic tools, (continued)
- Anti-forensic tools Mad Marv (Jul 01)
- Anti-forensic tools Cody Ray (Jul 01)
- Anti-forensic tools Chris Merkel (Jul 01)
- Anti-forensic tools Adrian Crenshaw (Jul 02)
- Anti-forensic tools Dimitrios Kapsalis (Jul 02)
- Anti-forensic tools Adrian Crenshaw (Jul 02)
- Anti-forensic tools Joshua Wright (Jul 02)
- Anti-forensic tools Adrian Crenshaw (Jul 02)
- Anti-forensic tools Jim Halfpenny (Jul 02)
- Anti-forensic tools Grymoire (Jul 02)
- Anti-forensic tools Adrian Crenshaw (Jul 02)
- Anti-forensic tools Jim Halfpenny (Jul 02)
- Anti-forensic tools Jack Daniel (Jul 02)
- Anti-forensic tools Joshua Wright (Jul 02)
- Anti-forensic tools John Strand (Jul 03)
- Anti-forensic tools Adrian Crenshaw (Jul 03)
- Anti-forensic tools Ralph Durkee (Jul 03)
- Anti-forensic tools Ralph Durkee (Jul 04)