|
|
|
|
|
Dd (Unix)dd is a common Unix program whose primary purpose is the low-level copying of files. Introduction dd has a different set of command line options than the ordinary cp command (which copies files in their entirety) that allow copying a fixed number of bytes or blocks, performing on-the-fly byte order conversions, as well as more esoteric EBCDIC to ASCII conversions. Nowadays dd is mostly used to copy regions of raw device files, e.g. backing up the boot sector of a hard disk, or to read fixed amounts of data from special files like /dev/zero or /dev/random. Because dd can copy entire partitions or disks (this is more due to Unix providing access to these devices than the functionality of dd per se), it is used in computer forensics when the contents of a partition need to be preserved in a byte-exact copy. Using cp would not be enough, since data from deleted files that may still be present on a disk are not visible through the file system interface. The command line syntax of dd is unlike that of any other Unix program, resulting in widespread fear and loathing. The fear is due to the fact that dd is used for low-level operations on hard disks: one tiny mistake, and instead of restoring a boot sector one may have rendered an entire disk virtually unusable. The loathing is triggered by the blatant violation of the Unix philosophy of using a common syntax for all command line tools. Usage dd or Options Operands - if=file
- Input File: Read from file instead from standard input.
- of=file
- Output File: Write to file instead to standard output. See also the keyword notrunc.
- ibs=bytes
- Input Block Size: Read bytes bytes at once.
- obs=bytes
- Output Block Size: Write bytes bytes at once.
- bs=bytes
- Block Size: A shortcut for ibs=bytes obs=bytes.
- cvs=bytes
- Convert Block Size: Convert bytes bytes at once. See conv.
- conv=keywords
- Convert the file according to a comma-separated list of keywords.
- skip=blocks
- When starting to read from input, skip blocks number of blocks of size ibs.
- seek=blocks
- When starting to write to output, skip blocks number of blocks of size obs.
Keywords When specifying conv as parameter the following keywords may be used: - ascii
- Convert from EBCDIC to ASCII.
- ebcdic
- Convert from ASCII to EBCDIC.
- ibm
- Convert from ASCII to an alternative EBCDIC.
- block
- Fill datasets which are terminated by a newline-character with space-characters to fit size of cbs.
- unblock
- Replace trailing space-characters in datasets of size cbs with newline-characters.
- lcase
- Change uppercase characters to lowercase.
- ucase
- Change lowercase characters to uppercase.
- notrunc
- Do not truncate output file to zero bytes before writing to it.
- swab
- Swap every pair of input bytes.
- noerror
- Ignore reading errors and continue.
- sync
- Fill every input block with NULL characters. If used with block or unblock fill every input block with space characters.
Notes and units On various systems the option --version is supported. dd will then output its version number and quit. file may be any real file or any block-device file. On certain systems bytes may be specified with multiplicative units. This units may then be: - c
- Character: 1
- w
- Word: 2
- b
- Block: 512
- kD
- Kilo (decimal): 1000
- k
- kBytes: 1024
- MD
- Mega (decimal): 1000000
- M
- MBytes: 1048576
This can be carried on (if available) with G, T, P, E, Z, Y. Examples To copy a imagefile of name floppy.img to a floppy-disk whose block-device name is /dev/fd0, invoke dd in the following way: - dd if=floppy.img of=/dev/fd0
Note: To read a floppy disk to an image-file simply reverse of and if of the previous example.
To create a file with name reallylargefile with the size of 1 GB, filled with random data, do this: - dd if=/dev/random of=reallylargefile count=1073741824
To fill the file with NULL characters, use /dev/zero instead of /dev/random.
To increase writing performance obs can be increased: - dd if=/dev/random of=reallylargefile obs=4096
This will write the first partition of the first harddisk to the file mywindowspartition.image. - dd if=/dev/hda1 of=mywindowspartition.image
Note that this examples are Linux-centric. On other platforms the device names may be different. Anti-examples WARNING: If you care for your data, do NOT try this. The following examples are provided to warn about the dangers of dd, if used incorrectly: This overwrites the complete first harddisk with NULL characters: - dd if=/dev/zero of=/dev/hda
This overwrites the first few blocks of the first harddisk with the file, resulting in a loss of the partition table: - dd if=funnysong.mp3 of=/dev/hda
This will completely corrupt an entire hard disk: - dd if=/dev/dsp of=/dev/hda
Note that this examples are Linux-centric. On other platforms the device names may be different. Other meanings of dd In the vi editor typing of dd in command mode deletes the current line. External links
|
 |
|
| Copyright 2005-2009 OnPedia.com. All Rights Reserved |
|
|