You can use size and count together if you wanted to image the first GB of a larger media device. It would look like this 'bs=1G count=1 --size --progress' etc. Count is telling dd to only image the first block. Since we defined a block size at 1GB, it will capture the first GB on a storage device. You can also skip certain blocks or name specific blocks with the 'skip' and 'seek' parameters, respectively. Thanks for viewing and taking the time to comment!
Unlikely, it is only suitable then you have direct access. So only internal drives, usb drives, sd cards, etc. but when it’s a phone or a network share it won’t work. You could use it to image the micro sd of a phone though.
No, but actually yes. If you formatted your drive you should use this tool to make a backup of it. Then use the created .dd file in photorec or some other tool. You could also directly use photorec, but when you don’t know the status of the drive, like when it has errors, or is otherwise corrupted, a clone of the drive is smarter because in case the photorec fails and you try another tool the drive might already be dead.
For forensics never ever try to extract data directly from the device itself, always always create image and work on it. While working directly on device/drive can corrupt the data.
I also try to create image of data through dd but when I extract image file then extracted data is also corrupted. Can you please share exact commands to make and extract image file.
Great video sir! Instead of --size can we use count=1g saying that only to copy 1g blocks from source(USB)?
You can use size and count together if you wanted to image the first GB of a larger media device. It would look like this 'bs=1G count=1 --size --progress' etc. Count is telling dd to only image the first block. Since we defined a block size at 1GB, it will capture the first GB on a storage device. You can also skip certain blocks or name specific blocks with the 'skip' and 'seek' parameters, respectively. Thanks for viewing and taking the time to comment!
@@dfirnoob9787 thanks!
What if we do not want to play with block sizes & counts stuff and just want take the full direct disk image of machine ?
can we use this tool to create forensics image (.dd) for android and iOS devices?
Unlikely, it is only suitable then you have direct access. So only internal drives, usb drives, sd cards, etc. but when it’s a phone or a network share it won’t work. You could use it to image the micro sd of a phone though.
can i use this to recover formatted harddrives?
No, but actually yes. If you formatted your drive you should use this tool to make a backup of it. Then use the created .dd file in photorec or some other tool. You could also directly use photorec, but when you don’t know the status of the drive, like when it has errors, or is otherwise corrupted, a clone of the drive is smarter because in case the photorec fails and you try another tool the drive might already be dead.
How to create android forensic image
do you need a usb blocker? or does this block the USB?
can i know how to verify this with using hash mechanishm
Hello Sir,
I used this method to transfer data from one drive to another but the transferred data was corrupted. Is there any reason behind this?
For forensics never ever try to extract data directly from the device itself, always always create image and work on it. While working directly on device/drive can corrupt the data.
I also try to create image of data through dd but when I extract image file then extracted data is also corrupted. Can you please share exact commands to make and extract image file.
Can I use this command for c drive (containing OS)
@@syedaumerubab9453 Did you use any other method before using dd? Especially to extract data directly from your device?
@@syedaumerubab9453 if it shows in device list you can do it. I will recommend you not to sore the image file on your PC.
niiice