SPLIT: BREAKING UP IMAGES ON THE FLY

You may find yourself in the situation where your image is going to be too large for the file system to handle. In addition, you may want to break up an image for transport on smaller media, such as CD-ROM or DVD-R. The simplest way to do this is to use the standard Unix utility, split. You can simply pipe the output from dd to split in the manner shown here:

 dd if=/dev/hda conv=noerror,sync | split -b 640m - image. 

However, if you want to be able to hash on the fly while splitting the image, you will need to use a third-party utility such as tpipe that will allow you to send the dd output to multiple commands. See the following command to understand how to structure the process:

 dd if=/dev/hda conv=noerror,sync | tpipe "split -b 640m - image." | md5sum 

This command will pull an image of the hard drive, split it into 640MB chunks, and then hash the entire thing for you. A couple of notes on the command-line arguments for split:

  • -b This is the flag which specifies how big the chunks should be. The examples above use 640m, which means 640MB. You can use either m or k at the end to represent megabytes and kilobytes, respectively.

  • - In Unix, the - character represents stdin. This tells split to read the input file from the standard input as opposed to a file that exists on the hard drive. If you wanted to break up an image that already exists, you'd place the image filename here instead.

Finally, if you want to rejoin previously split files at analysis time, you can simply use cat and append the pieces. Just make sure that whatever file system you are performing the analysis on can handle the increased file size.
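
The whole procedure above (split while hashing, then rejoin with cat and confirm the hash) as an added example that is not from the book. It assumes tpipe is not installed and uses tee with a named pipe instead; the function names, the 64k chunk size and the constructed 200 KiB sample file standing in for /dev/hda are illustrative.

```sh
#!/bin/sh
# Added example (not from the book): tee plus a FIFO stand in for tpipe.

# make_sample PATH: constructed 200 KiB test "image" (6400 lines of 32 bytes).
make_sample() {
    awk 'BEGIN { for (i = 0; i < 6400; i++) printf "%031d\n", i }' > "$1"
}

# acquire_split SRC PREFIX CHUNK
# Streams SRC through dd, writes CHUNK-sized pieces PREFIXaa, PREFIXab, ...
# and prints the MD5 of the exact byte stream that was split.
acquire_split() {
    src=$1 prefix=$2 chunk=$3
    work=$(mktemp -d) || return 1
    mkfifo "$work/stream" || return 1
    # Reader side: split takes its copy of the stream from the FIFO.
    split -b "$chunk" - "$prefix" < "$work/stream" &
    split_pid=$!
    # Writer side: tee duplicates dd's output to the FIFO and to md5sum.
    # conv=sync pads short or failed reads with NULs; the hash covers that padding.
    sum=$(dd if="$src" conv=noerror,sync 2>/dev/null |
          tee "$work/stream" | md5sum | cut -d' ' -f1)
    rc=0
    wait "$split_pid" || rc=1
    rm -rf "$work"
    [ "$rc" -eq 0 ] && printf '%s\n' "$sum"
}

# rejoin_hash PREFIX
# Concatenates the pieces in suffix order (aa, ab, ...) and prints their MD5.
rejoin_hash() {
    cat "$1"* | md5sum | cut -d' ' -f1
}

# Demo: acquire the sample, then check that the rejoined pieces hash the same.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/sample.img"
    acquired=$(acquire_split "$dir/sample.img" "$dir/image." 64k)
    rejoined=$(rejoin_hash "$dir/image.")
    echo "pieces=$(ls "$dir"/image.* | wc -l | tr -d ' ') md5=$acquired"
    [ -n "$acquired" ] && [ "$acquired" = "$rejoined" ] &&
        result=match || result=MISMATCH
    rm -rf "$dir"
    echo "$result"
}
demo
```

Record the hash printed at acquisition time with the pieces; a later rejoin_hash that prints a different value means a piece is missing, reordered or altered.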



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
