In my previous tutorial here I showed you how to use "dd" to create an image of a drive, but in this post I will discuss how to create
multiple parts of the same drive image. That is split it into multiple parts rather
than just a single large file.
So you might be thinking what is the utility of this ?
Well the main reason being that if want to create an image of a drive or partition whose size is huge then you will have a problem when you load the image using any forensic tool or hex editor for analysing it. Therefore, it is convenient to create multiple parts of the same and then analysing each one of them. In this tutorial I will tell you how to do so.
Like in my previous tutorial on "dd" we will first find out the device path for the partition or physical drive. We can simply do so by using fdisk. Have a look at the following image :-
![[Image: L0dVSTQ.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_suPO_Qri0cqpgEzZMgRxsZEBeCE9C1SgNouWYTQe1EvAJY9ZE3vWd3Sc4CXRsTmb_ghYKEB5adWzX2n8KFyCRyYA=s0-d)
As you can see we have the flash drive mounted already and the device path being /dev/sdb. Now the command format to create multiple parts of the same image is :-
Well the main reason being that if want to create an image of a drive or partition whose size is huge then you will have a problem when you load the image using any forensic tool or hex editor for analysing it. Therefore, it is convenient to create multiple parts of the same and then analysing each one of them. In this tutorial I will tell you how to do so.
Like in my previous tutorial on "dd" we will first find out the device path for the partition or physical drive. We can simply do so by using fdisk. Have a look at the following image :-
As you can see we have the flash drive mounted already and the device path being /dev/sdb. Now the command format to create multiple parts of the same image is :-
sudo dd if=<device-path> | split -b <Split-Size> - <Image-File-Name>.
So an example command would look something like :-
sudo dd if=/dev/sdb | split -b 1000m - usbflash_image.
if = Input file
<device-path> = /dev/sdb
<Split-Size> = Size of Image Parts (either mb or gb etc.)
What we are doing is we read the data and PIPE it to another command that is split which will split the data and create new file with the file name and numbered in a serialized form like aa, ab, ac etc. What split does here is, it takes read the data and when the size is 1000 megabytes (in the command 1000m) it creates a new file with the file name usbflash_image.aa and the next file being named as usbflash_image.ab and so on. The following image will clear it all :-
![[Image: yjTZAx9.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uDXGsKiYTAxC3hbPrAmx8JEiaRAXE9NL_q7s45uBKYdM2D2VLYd9DT5DVlP-_Y1XQlRZQuWfVvBlYz4wTsCYxjbg=s0-d)
If you have read this post where I applied similar technique to copy a Very large file to a flash drive in Linux. So I hope you like this short tutorial and if you have any doubts then please comment.
Have a nice day and Keep Coding and Keep Learning. Keep Sharing the posts.
Thank you,
Sincerely,
Psycho_Coder.
<device-path> = /dev/sdb
<Split-Size> = Size of Image Parts (either mb or gb etc.)
What we are doing is we read the data and PIPE it to another command that is split which will split the data and create new file with the file name and numbered in a serialized form like aa, ab, ac etc. What split does here is, it takes read the data and when the size is 1000 megabytes (in the command 1000m) it creates a new file with the file name usbflash_image.aa and the next file being named as usbflash_image.ab and so on. The following image will clear it all :-
If you have read this post where I applied similar technique to copy a Very large file to a flash drive in Linux. So I hope you like this short tutorial and if you have any doubts then please comment.
Have a nice day and Keep Coding and Keep Learning. Keep Sharing the posts.
Thank you,
Sincerely,
Psycho_Coder.
0 comments :
Post a Comment