Anti-forensic tools

[jim.halfpenny at gmail.com (Jim Halfpenny)]

dd won't write more data than is provided by the source file, so if your
file is 100k in size then it will write 100k to the disk.

Check out the skip option for dd. You need to loop dd so that write one copy
of the image after another. Here's some pseudo code:

for (i = 0; i < SIZE_OF_DISK/SIZE_OF_FILE; i++) {
  dd if=lemonparty.jpg of=\\.\f: skip=i bs=SIZE_OF_IMAGE_FILE
}

Beware of leaving data in slack space!

Jim

2009/7/2 Adrian Crenshaw <irongeek at irongeek.com>

> Yep, apparently it does. It will be a pain in the butt to test them all,
> I'd have to:
> 1. zero out a drive.
> 2. Install Windows.
> 3. run the app in incognito mode.
> 4. dump the drive.
> 5. data carve it to see if anything is there.
>
> As a side note, anyone good out there with dd? I'd like to repeat the same
> file over and over againd to a block device. for example, I try:
>
> dd if=lemonparty.jpg of=\\.\f: bs=512
>
> it only seems to put the file there once, not over the whole drive. I
> played with the count, but that only seems to deal with the bs (block size)
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090702/fa785ba2/attachment.htm