Honeypots mailing list archives
Re: preparing Honeypot hard drives
From: Patrick McCarty <mccartyp () apu edu>
Date: Sat, 16 Oct 2004 20:58:29 -0700
Hi Lefty,

fdisk will only modify the partition table stored at the beginning of the disk, leaving the rest of the data on the disk intact. A dd command similar to what you describe, however, would zero the entire device, which is of course preferable if you plan on doing forensics later.

So... Go with the dd option :)

-- patrick

On Sat, Oct 16, 2004 at 07:24:32PM +0100, Lefti wrote:
> Hi all,
>
> Is there a difference between running "fdisk c:" on a honeypot (booted from a boot floppy) in order to destroy all the partitions on the hard drive, and running "dd bs=1000k < /dev/zero > /dev/sda" ??
>
> The fdisk command will be much easier to deliver because as far as I know, the 'dd' command for win32 will only run within windows.
>
> I'm trying to prepare my hard disk such that when it comes to doing forensics, I'm not picking up data from old installations.
>
> Many thanks,
> Lefti
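The difference discussed in this thread can be checked on a scratch image file before trusting a wipe procedure. The shell sketch below is an added example, not part of the original messages: the image layout, the strings and the function names are constructed for illustration, and overwriting sector 0 is a simplified stand-in for a change that touches only the partition table.

```shell
#!/bin/sh
# Works on a temporary image file only, never on a real device.

# count_nonzero IMAGE: print how many non-zero bytes IMAGE still contains.
count_nonzero() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# make_image IMAGE: constructed 1 MiB "disk" (2048 sectors of 512 bytes) with a
# fake partition-table sector and leftover data from an "old installation".
make_image() {
    dd if=/dev/zero of="$1" bs=512 count=2048 2>/dev/null
    printf '%s' 'FAKE-PARTITION-TABLE' |
        dd of="$1" bs=512 seek=0 conv=notrunc 2>/dev/null
    printf '%s' 'old-install: secret.doc contents' |
        dd of="$1" bs=512 seek=1000 conv=notrunc 2>/dev/null
}

# wipe_table_only IMAGE: assumption, models a partition-table-only change by
# zeroing just the first sector.
wipe_table_only() {
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# wipe_full IMAGE: zero every sector, as dd from /dev/zero onto the whole
# device would.
wipe_full() {
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=512 count=$((size / 512)) conv=notrunc 2>/dev/null
}

# demo: print "<residual bytes after table-only wipe> <residual after full wipe>".
demo() {
    img=$(mktemp)
    make_image "$img"
    wipe_table_only "$img"
    after_table=$(count_nonzero "$img")
    wipe_full "$img"
    after_full=$(count_nonzero "$img")
    rm -f "$img"
    echo "$after_table $after_full"
}

demo
```

A non-zero first number means old data would still be visible to later forensic analysis; the same `count_nonzero` check can be used to confirm a finished wipe.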