skip navigation

CrimeSolutions.gov

Add your conference to our Justice Events calendar

PUBLICATIONS

NCJRS Abstract

The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

How to Obtain Documents
 
NCJ Number: NCJ 196352   Add to Shopping cart   Find in a Library
Title: Test Results for Disk Imaging Tools: dd GNU fileutils 4.0.36, Provided with Red Hat Linux 7.1
Corporate Author: National Institute of Standards and Technology (NIST)
United States of America
Date Published: 08/2002
Page Count: 62
Sponsoring Agency: National Institute of Justice
US Department of Justice
Office of Justice Programs
United States of America
Grant Number: 94-IJ-R-004
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America
Document: PDF 
Type: Test/Measurement
Language: English
Country: United States of America
Annotation: This report presents test findings for one commonly used computer disk imaging tool, the dd GNU fileutils 4.0.36 provided with Red Hat Linux 7.1.
Abstract: The tested disk imaging tool was compared to the Disk Imaging Tool Specification developed by the Computer Forensics Tool Testing (CFTT) project, a joint effort of the National Institute of Justice, the National Institute of Standards and Technology, as well as the Department of Defense, the Technical Support Working Group, and other related agencies. This specification requires that top-level disk imaging tools make a bit-stream duplicate or an image of an original disk or partition, that they not alter the original disk, that they log I/O errors, and that the tool's documentation be correct. The test methodology is for software tools that copy or image hard disk drives. It does not pertain to analog media or digital media such as cell phones or personal digital assistants. After each source disk is created, a SHA-1 hash value is calculated and saved. Each time the tool is run, another SHA-1 is calculated and compared to the saved value. For all 32 test cases run, the hash codes matched, indicating the source was not altered by the tool. In all cases tested, the disk imaging tool produced an accurate bit-stream duplicate or an image on disks or partitions of all disk sectors copied; however, for a source with an odd number of sectors, the last sector of the source was omitted. Assertions that required read or write errors were not tested. The tested tool did produce a log message that there was no space left on the destination when the source was greater than the destination. No errors were found in the documentation supplied. Extensive data tables
Main Term(s): Police equipment
Index Term(s): Computer aided operations ; Computer software ; Computer related crime ; Equipment evaluation ; Computer aided investigations
Note: NIJ Special Report; downloaded November 8, 2005.
   
  To cite this abstract, use the following link:
https://www.ncjrs.gov/App/Publications/abstract.aspx?ID=196352

* A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's web site is provided.