How to create image of HDD for forensics and security?
08 Jun 2013

You should use dcfldd in order to create image of hard disk for forensics and security.

$ man dcfldd

Example of use:

1. Get disk image:
fdisk -l
dcfldd bs=32k if=/dev/sda of=./image_sda.dd md5log=./image_sda.dd.md5 sha1log=./image_sda.dd.sha1 sizeprobe=if conv=noerror,sync

2. Get disk image through a network:
dd if=/dev/xxx | gzip | ssh user@host "dd of=/path/to/file//xxx.gzip"
ssh user@host "dd if="/path/to/file//xxx.gzip" | gzip -d | dd if=/dev/xxx

3. Get Master Boot Record (MBR):
dd if=/dev/xxx of=mbr.copy bs=512 count=1

DD for Windows:

