Lect13 - Advanced dd Flashcards

1
Q

What are the four steps to carve for a file using xxd and dd?

A
  1. Look for file signature using:
    xxd | grep ffd8
  2. Look for end signature using:
    xxd | grep ffd9
  3. Calculate file count:
    End of sig - start of sig = size of file
  4. Carve the file out using dd
2
Q

What does the dd command look like to carve a file?

A

dd if=/dev/sda of=data.raw bs=1 skip=446 count=64

skip =

Where to start within our input file. This is based on the bs= parameter:

bs=512 skip=63 - we skip 512*63 bytes (32256 bytes)

bs=1 skip=446 - we skip 446*1 bytes (446 bytes)

count =

How many chunks. This is also based on the bs= parameter:

bs=512 count=2 - we copy 512*2 bytes (1024 bytes)

bs=1 count=64 - we copy 64*1 bytes (64 bytes)

3
Q

How can you carve out partitions?

A
  1. Check partitions with fdisk or gdisk
  2. Take note of bs=
  3. Use START & LENGTH and BLOCKSIZE for dd

dd if=able_3.raw of=able_3.part1.raw bs=512 skip=2048 count=102400
