Skip to content

ParrotSec/rdd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

debian

debian

 
 

doc

doc

 
 

gui

gui

 
 

m4

m4

 
 

src

src

 
 

test

test

 
 

COPYING

COPYING

 
 

INSTALL

INSTALL

 
 

Makefile.am

Makefile.am

 
 

Makefile.in

Makefile.in

 
 

README

README

 
 

aclocal.m4

aclocal.m4

 
 

config.h.in

config.h.in

 
 

configure

configure

 
 

configure.ac

configure.ac

 
 

depcomp

depcomp

 
 

install-sh

install-sh

 
 

missing

missing

 
 

Repository files navigation

INSTALLATION

Configuration and installation details are discussed in the
INSTALLATION file in this directory.


FAQ

Q. Rdd used to report "time left to completion".  Now it only reports
   how much has already been copied.  Why?

A. To report an estimated time of completion rdd needs to know the size
   of the data that is to be copied.  It's easy to obtain the size of a
   regular file, and for regular files rdd still estimates the time of
   completion.  Few people use rdd to copy regular files, so they don't
   notice this.

   For special files, and that includes /dev/hda and /dev/sda, there
   appears to be no portable way to determine their size.  On Linux
   rdd used an lseek(2) to the end of the special file, but this trick
   fails miserably on platforms such as FreeBSD.  For this reason,
   rdd now reads from a special file until it reaches end-of-file, without
   knowing in advance how many bytes it will read.


Q. What's all this about raw devices?

A. Under Linux, direct disk access is normally achieved by reading
   from /dev/hda or from /dev/sda.  Data that is returned when you
   read from /dev/hda travels through the kernel's buffer cache
   system.  This is unnecessary.  More importantly, when a disk
   contains a bad sector, you may loose more data than just that
   particular sector.  I have not yet figured this out in detail,
   but it probably has to do with reading full pages instead of
   individual sectors.  This problem appears to go away when the
   disk is accessed as a raw device (e.g. /dev/raw/raw1).

   Support for raw-device access is entirely experimental, available
   only for Linux, and disabled by default.  To experiment with
   raw devices specify --enable-raw-device when you configure rdd.

   To bind a raw device to a block device such as /dev/hda type

	   raw /dev/raw/raw1 /dev/hda


Q. Why do I have to specify -r when I read from a raw device (e.g.
   /dev/raw/raw1)?

A. When applied to a raw device, read(2) does not return zero when
   end-of-file is reached.  Instead, read(2) returns -1 and sets
   errno to ENXIO.  This is now used as the end-of-file test for
   raw devices.  I do not want to include this into the general-purpose
   test for all inputs, because it may cause rdd to ignore true errors
   reported by non-raw devices.  Therefore, this test is activated
   only when you specify the -r option.

About

forensic remake of DD

Resources

Readme

License

View license
Activity
Custom properties

Stars

3 stars

Watchers

6 watching

Forks

2 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages