
DCFLDD Updates (v1.2.2)

Subject: DCFLDD Updates (v1.2.2)
Date: Tue, 3 May 2005 16:46:33 -0700 (PDT)
dcfldd releases:
http://sourceforge.net/project/showfiles.php?group_id=115587

Sorry for the back to back releases, but I had to fix
one huge bug as well as let you guys start playing
with some new features!  I am going with the open
source philosophy of "Release early, release often"
with this, because I need the feedback to get this
package back to where it should be by now.  The next
big version (v1.3) is going to be awesome but I
probably won't have it ready for about another month
or so.

Here is a list of changes from v1.2:
- Fixed the simple yet critical large file support
bug.

- Default blocksize set to 32k.  32k is a pretty good
"sweet spot" for block device IO while not losing too
much data if you hit a bad block.  

- Added a verify capability.  You can now use dcfldd
to verify that a drive was wiped or imaged properly. 
Specify any input (i.e. a pattern or an image file)
and instead of saying "of=/dev/hdb" say "vf=/dev/hdb"
and it will do a very fast comparison based on the
hashwindows. There is a lot more to say about this
capability, but I am trying to keep this email short
:)

- Changed "hashalgorithm=" to "hash=".  hashalgorithm
is still supported nomenclature though.

- Now supports doing multiple hashes at once.  You can
say, for example, "hash=md5,sha1,sha256" and it will
do them all concurrently.  If you want to split off
the outputs you can say "md5log=FILE" or
"sha1log=FILE" etc.  "hashlog=" still catches any of
them that you don't point somewhere else.

- TOTALLY restructured the codebase.  dcfldd.c is now
no longer one huge monolithic mess, but split into
small easily manageable pieces.  I had to do this if I
wanted to continue adding features.  It also makes it
easier for you, my fellow hackers, to grok the code.

- Funny error message output greatly improved.


Here are some example command lines using the verify
capability:

To verify that a drive is wiped with binary 0s:

dcfldd pattern=00 vf=/dev/hdb

To verify that an image file was properly restored:

dcfldd if=myimage.dd vf=/dev/hdb

or to verify that a hard drive was properly imaged:

dcfldd if=/dev/hdb vf=myimage.dd

Here is a command line which runs all available hashes
and sends md5, sha1 and sha512 data to separate files
while sending sha256 and sha384 to the same file:

dcfldd if=/dev/hdb of=/dev/null \
  hash=md5,sha1,sha256,sha384,sha512 md5log=md5.txt \
  sha1log=sha1.txt sha512log=sha512.txt \
  hashlog=others.txt

Enjoy!

  • DCFLDD Updates (v1.2.2), Nicholas Harbour <=
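
The verify feature announced above compares an input (a pattern or an image) against a target in hash-sized windows. The sketch below is an added example, not dcfldd's code and not from the original post: it illustrates the general idea of a windowed comparison that reports where two streams diverge. The names verify, pattern_stream and WINDOW are hypothetical, and the 32k window is an assumption borrowed from the default block size mentioned in the message.

```python
import hashlib
import io

# Assumed window size for this sketch (the message's 32k default block size).
WINDOW = 32 * 1024


def pattern_stream(pattern: bytes, length: int) -> io.BytesIO:
    """Constructed input: `pattern` repeated out to `length` bytes,
    standing in for a wipe pattern such as binary zeros."""
    reps = length // len(pattern) + 1
    return io.BytesIO((pattern * reps)[:length])


def verify(src, dst, window=WINDOW, algo="sha256"):
    """Compare two binary streams window by window.

    Returns a list of (offset, reason) tuples, one per window that
    differs. An empty list means the streams are identical.
    """
    problems = []
    offset = 0
    while True:
        a = src.read(window)
        b = dst.read(window)
        if not a and not b:
            return problems  # both streams ended together
        if len(a) != len(b):
            # One side is shorter: a truncated image or a smaller target.
            problems.append((offset, "length mismatch"))
            return problems
        if hashlib.new(algo, a).digest() != hashlib.new(algo, b).digest():
            problems.append((offset, "hash mismatch"))
        offset += len(a)


if __name__ == "__main__":
    # Constructed sample data: a 100000-byte "drive" that should be all
    # zeros but has one stray byte inside the third window.
    drive = bytearray(100000)
    drive[70000] = 0xFF
    report = verify(pattern_stream(b"\x00", 100000), io.BytesIO(bytes(drive)))
    for off, reason in report:
        print(f"window at offset {off}: {reason}")
```

For real evidence, open the image and the device in binary mode ("rb") and pass the file objects to verify; a mismatch offset tells you which window to examine rather than only that the whole-device hash differs.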