PaulDotCom mailing list archives
Anti-forensic tools
From: rd at rd1.net (Ralph Durkee)
Date: Fri, 03 Jul 2009 17:39:05 -0400
The following simple loop should do it.

    for /L %I IN (1,0,2) DO @type lemonparty.jpg | dd if=- of=\\.\f: bs=512

-- --
Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant

Joshua Wright wrote:
> I just wanted to point out that my post about copying lemonparty.jpg is
> the only one that works natively on Windows, the target platform based
> on the use of "of=\\.\f:". ;P
>
> Points for the person who figures out how to do this with a Windows FOR
> loop.
>
> -Josh
>
> Grymoire wrote:
> > > dd if=lemonparty.jpg of=\\.\f: bs=512
> >
> > First of all, there is no need to use if= and of= - that's provided as
> > a backwards compatibility to JCL (HELLO! we're talking punched cards)
> > Use < and > instead, i.e.
> >
> >     dd <lemonparty.jpg >\\.\f: bs=512
> >
> > And yes, when the end of file is reached, dd will halt. It does not
> > loop the data.
> >
> > Perhaps you can
> > 1) seek blocks before writing
> > 2) Use a bigger file
> >
> > For number 1, I think you can do something like (untested)
> >
> >     count=0
> >     while [ $count -lt 500 ]
> >     do
> >         dd <lemonparty.jpg >\\.\f: seek=$count bs=512
> >         count=`expr $count + 1`
> >     done
> >
> > For #2, you can use any of these sources of data:
> >
> >     yes | dd bs=512 count=500 >\\.\f:
> >     no | dd bs=512 count=500 >\\.\f:
> >     dd bs=512 count=500 </dev/zero >\\.\f:
> >     dd bs=512 count=500 </dev/urandom >\\.\f:
> >
> > Usually people use the last one. And they repeat it if they want to
> > make sure the data has been overwritten.
> >
> > I suppose you could do
> >
> >     while true
> >     do
> >         cat lemonparty.jpg
> >     done | dd bs=512 count=500 >\\.\f:
> >
> > Hope that helps (new member here - first post)
> >
> > Grymoire
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com

-- --
Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant
585-624-9551
http://rd1.net
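
Added example, not from any poster in the thread: Grymoire's observation that dd halts at end of input and does not loop the data, checked by counting how many 512-byte blocks each approach actually changed. It runs on constructed scratch files that stand in for `\\.\f:` and lemonparty.jpg; the file names, sizes and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: constructed scratch files stand in for the drive and the JPEG.
BS=512     # block size used in the thread
NBLK=20    # scratch "drive" size in blocks (constructed value)
PLEN=1300  # pattern file size in bytes (constructed, not a block multiple)

# fill FILE BYTES CHAR: create FILE holding BYTES copies of CHAR.
fill() { dd if=/dev/zero bs="$2" count=1 2>/dev/null | tr '\0' "$3" > "$1"; }

# setup DIR: existing data is all 'D', the pattern file is all 'J'.
setup() {
    fill "$1/drive.img" $((NBLK * BS)) D
    cp "$1/drive.img" "$1/before.img"
    fill "$1/pattern.bin" "$PLEN" J
}

# changed_blocks DIR: number of BS-byte blocks of the drive that differ from
# the pre-write copy, i.e. how much of the target a write pass really reached.
changed_blocks() {
    cmp -l "$1/before.img" "$1/drive.img" |
        awk -v bs="$BS" '{ b = int(($1 - 1) / bs); if (!(b in seen)) { seen[b]; n++ } }
                         END { print n + 0 }'
}

# single_pass DIR: one dd of the pattern file. dd stops at end of input, so
# only ceil(1300/512) = 3 blocks change. conv=notrunc keeps the scratch file's
# length, as a real block device would.
single_pass() {
    dd bs="$BS" conv=notrunc < "$1/pattern.bin" of="$1/drive.img" 2>/dev/null
    changed_blocks "$1"
}

# repeated_pass DIR: feed the pattern end to end until the drive is full.
# The stream is cut with head -c instead of dd count=, because count= counts
# reads, and reads from a pipe can come back shorter than bs.
repeated_pass() {
    total=$((NBLK * BS)); reps=$((total / PLEN + 1)); i=0
    while [ "$i" -lt "$reps" ]; do cat "$1/pattern.bin"; i=$((i + 1)); done |
        head -c "$total" | dd bs="$BS" conv=notrunc of="$1/drive.img" 2>/dev/null
    changed_blocks "$1"
}

demo() {
    d=$(mktemp -d) && setup "$d"
    echo "single pass:   $(single_pass "$d") of $NBLK blocks changed"
    echo "repeated pass: $(repeated_pass "$d") of $NBLK blocks changed"
    rm -rf "$d"
}
demo
```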