
Security Basics mailing list archives

RE: tools used to examine a computer
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Mon, 24 Feb 2003 12:14:15 -0000

Make the destination disk a Linux machine with enough capacity.
On that Linux machine run (IP address of Linux machine in this case is
10.1.1.1)

nc -l -p 9000 | dd of=NTMACHINE.dd

nc is Netcat, which should be on the Linux install or can be easily
downloaded.

Go to www.sysinternals.com and get the Unix Utils, which will include dd
and netcat for Windows.
Both will fit on a floppy.

From the floppy on your NT machine run

dd if=\\.\PhysicalDrive0 | nc 10.1.1.1 9000

PhysicalDrive0 = Partition 0

It can take a while if it's a large partition but when complete you will
have a file called NTMACHINE.dd which is the same size as the partition
on your NT machine.

To access that file as a filesystem and read through the files use the
following

mkdir /NTPartition

mount /NTMACHINE.dd /NTPartition -o loop=/dev/loop3

Now when you cd into the /NTPartition directory you will see all the
files from your NT machine.  Yes, including the sam files etc.

Would also work to clone an NT machine to another NT machine as a copy
for booting etc.  Just run netcat and dd on both from floppy or even a
Linux boot floppy.

Hope this helps

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
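
As an added example (not part of the original post): the procedure above does not check that the image arrived intact, so this script hashes the stream while it is written on the Linux side and re-checks the stored file later. The helper names receive_image, verify_image and demo are assumptions, and the demo uses a constructed local file and a local pipe in place of the NT disk and the netcat link.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
# Real use on the receiving Linux machine:
#   nc -l -p 9000 | receive_image NTMACHINE.dd

# Write the image stream from stdin to $1 and record its SHA-256 in
# $1.sha256, hashing in the same pass so the data is read only once.
receive_image() {
    tee "$1" | sha256sum | awk '{print $1}' > "$1.sha256"
    chmod a-w "$1" "$1.sha256"      # guard against accidental writes
}

# Re-hash the stored image; succeed only if it matches the recorded digest.
verify_image() {
    recorded=$(cat "$1.sha256") || return 1
    current=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}

# Constructed demo: a generated file stands in for the source disk and a
# local pipe stands in for the netcat connection.
demo() {
    work=$(mktemp -d) || return 1
    seq 1 200000 > "$work/source.bin"
    dd if="$work/source.bin" bs=64k 2>/dev/null | receive_image "$work/image.dd"
    # The digest recorded on arrival must equal a digest taken at the source.
    src=$(sha256sum "$work/source.bin" | awk '{print $1}')
    [ "$src" = "$(cat "$work/image.dd.sha256")" ] || { echo "transfer mismatch"; return 1; }
    verify_image "$work/image.dd" || { echo "stored image changed"; return 1; }
    # Simulate a later change to the stored image: one extra byte.
    chmod u+w "$work/image.dd"
    printf 'x' >> "$work/image.dd"
    if verify_image "$work/image.dd"; then echo "change missed"; return 1; fi
    rm -rf "$work"
    echo "ok"
}

demo
```

Comparing the recorded digest with one computed from the source disk itself confirms the copy; the recorded digest alone only shows the file has not changed since it was received.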



-----Original Message-----
From: haji din [mailto:ahbh99 () yahoo com] 
Sent: 24 February 2003 06:38
To: Trevor Cushen
Subject: RE: tools used to examine a computer


hi trever,
would appreciate if you could send the details of
cloning a windows machine with DD and Netcat . Thanks





