PaulDotCom mailing list archives

Anti-forensic tools


From: jwright at hasborg.com (Joshua Wright)
Date: Thu, 02 Jul 2009 17:15:47 -0400

I just wanted to point out that my post about copying lemonparty.jpg is
the only one that works natively on Windows, the target platform based
on the use of "of=\\.\f:".  ;P

Points for the person who figures out how to do this with a Windows FOR
loop.

-Josh

Grymoire wrote:
dd if=lemonparty.jpg of=\\.\f: bs=512

First of all, there is no need to use if= and of= - that's provided as
a backwards compatibility to JCL (HELLO! we're talking punched cards).
Use < and > instead.

i.e.

 dd <lemonparty.jpg >\\.\f: bs=512

And yes, when the end of file is reached, dd will halt.
It does not loop the data.
Perhaps you can:

  1) seek blocks before writing

  2) use a bigger file

For number 1, I think you can do something like (untested)

count=0
while [ $count -lt 500 ]
do 
 dd <lemonparty.jpg >\\.\f: seek=$count bs=512
 count=`expr $count + 1`
done


For #2, you can use any of these sources of data:
              yes | dd bs=512 count=500 >\\.\f:
              no | dd bs=512 count=500 >\\.\f:
              dd bs=512 count=500 </dev/zero  >\\.\f:         
              dd bs=512 count=500 </dev/urandom  >\\.\f:              


Usually people use the last one.

And they repeat it if they want to make sure the data has been overwritten.


I suppose you could do
while true
do
              cat lemonparty.jpg
done | dd bs=512 count=500 >\\.\f:


Hope that helps 
(new member here - first post)

Grymoire


                              


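The pipe-fed variants from the thread, as an added example that is not part of the original posts: it runs them against scratch files rather than \\.\f: and checks how many bytes actually land, since dd stops at end of input and, on a pipe, a short read still counts against count=. The function names, the constructed 700-byte pattern and the temp paths are assumptions; iflag=fullblock is a GNU dd option.

```shell
#!/bin/sh
# Added example: the thread's dd pipelines, run against scratch files only.
# Assumption: GNU coreutils dd (for iflag=fullblock).
BS=512; BLOCKS=500
WANT=$((BS * BLOCKS))            # 256000 bytes the thread intends to cover

size_of() { wc -c <"$1" | tr -d ' '; }

# One pass over the source: dd stops at end of input, so the target only
# receives as many bytes as the source holds.
single_pass() {                  # $1 = source file, $2 = target
    dd bs="$BS" count="$BLOCKS" <"$1" >"$2" 2>/dev/null
    size_of "$2"
}

# Source repeated through a pipe. cat is the loop condition, so the producer
# stops once dd has closed the pipe (a "while true" loop around an external
# cat would keep respawning it). $3 carries extra dd operands, e.g.
# iflag=fullblock, which makes dd refill each block after a short pipe read;
# without it a short read still counts against count=.
repeat_fill() {                  # $1 = source, $2 = target, $3 = dd operands
    while cat "$1" 2>/dev/null; do :; done |
        dd bs="$BS" count="$BLOCKS" $3 >"$2" 2>/dev/null
    size_of "$2"
}

# Check that the target begins with two whole copies of the source.
starts_with_source() {           # $1 = source file, $2 = target
    n=$(size_of "$1")
    head -c "$n" "$2" | cmp -s - "$1" &&
        tail -c +"$((n + 1))" "$2" | head -c "$n" | cmp -s - "$1"
}

# Constructed sample: a 700-byte pattern, deliberately not a multiple of 512.
TMP=$(mktemp -d)
SRC="$TMP/pattern.bin"
head -c 700 /dev/urandom >"$SRC"

echo "single pass : $(single_pass "$SRC" "$TMP/a.img") of $WANT bytes"
echo "pipe, plain : $(repeat_fill "$SRC" "$TMP/b.img" "") of $WANT bytes"
echo "pipe, full  : $(repeat_fill "$SRC" "$TMP/c.img" iflag=fullblock) of $WANT bytes"
starts_with_source "$SRC" "$TMP/c.img" && echo "content check: ok"
rm -rf "$TMP"
```

The "pipe, plain" figure varies from run to run and is never above 256000; only the fullblock run is guaranteed to cover the whole range.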

