PaulDotCom mailing list archives
Anti-forensic tools
From: strandjs at gmail.com (John Strand)
Date: Fri, 3 Jul 2009 20:13:25 +1000
Ed? Ed? I think I hear him coming... Wait for it........ On Jul 3, 2009, at 7:15 AM, Joshua Wright wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just wanted to point out that my post about copying lemonparty.jpg is the only one that works natively on Windows, the target platform based on the use of "of=\\.\f:". ;P Points for the person who figures out how to do this with a Windows FOR loop. - -Josh Grymoire wrote:dd if=lemonparty.jpg of=\\.\f: bs=512first of all, there is no need to use if= and of= - that's provided as a backwards compatability to JCL (HELLO! we're talking punched cards) Use < and < instead. i.e. dd <lemonparty.jpg >\\.\f: bs=512 And yes, when the end of file is reached, dd will halt. It does not loop the data. Perhaps you can 1) seek blocks before writing 2) Use a bigger file For number 1, I think you can do something like (untested) count=0 while [ $count -lt 500 ] do dd <lemonparty.jpg >\\.\f: seeek=$count bs=512 count=`expr $count + 1` done For #2, you can use any of these sources of data: yes | dd bs=512 count=500 >\\.\f: no | dd bs=512 count=500 >\\.\f: dd bs=512 count=500 </dev/zero >\\.\f: dd bs=512 count=500 </dev/urandom >\\.\f: Usually people use the last one. And they repeat it if they want to make sure the data has been overwritten. I suppose you could do while true do cat lemonparty.jpg done | dd bs=512 count=500 >\\.\f: Hope that helps (new member here - first post) Grymoire _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAkpNI4MACgkQapC4Te3oxYxl4ACfVa5Q1gwsXdVoyqsUkMS9WgeI Y8AAoIzcsWhK3C3tlS6hj60yN6+yW22j =Ss8C -----END PGP SIGNATURE----- _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090703/c73c5383/attachment.htm
Current thread:
- Anti-forensic tools, (continued)
- Anti-forensic tools Dimitrios Kapsalis (Jul 02)
- Anti-forensic tools Adrian Crenshaw (Jul 02)
- Anti-forensic tools Joshua Wright (Jul 02)
- Anti-forensic tools Adrian Crenshaw (Jul 02)
- Anti-forensic tools Jim Halfpenny (Jul 02)
- Anti-forensic tools Grymoire (Jul 02)
- Anti-forensic tools Jim Halfpenny (Jul 02)
- Anti-forensic tools Jack Daniel (Jul 02)
- Anti-forensic tools Joshua Wright (Jul 02)
- Anti-forensic tools John Strand (Jul 03)
- Anti-forensic tools Adrian Crenshaw (Jul 03)
- Anti-forensic tools Ralph Durkee (Jul 03)
- Anti-forensic tools Ralph Durkee (Jul 04)