Security Basics mailing list archives
RE: tools used to examine a computer
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Mon, 24 Feb 2003 12:14:15 -0000
Make the destination disk a Linux machine with enough capacity. On that Linux machine run (IP address of Linux machine in this case is 10.1.1.1) Nc -l -p 9000 | dd of=NTMACHINE.dd Nc is Netcat which should be on the Linux install or can be easily downloaded. Go to www.sysinternals.com and get the Unix Utils which will include dd and netcat for Windows Both will fit on a floppy.
From the floppy on your NT machine run
Dd if=\\.\PhysicalDrive0 | nc 10.1.1.1 9000 PhysicalDrive0 = Partitiion 0 It can take a while if it's a large partition but when complete you will have a file called NTMACHINE.dd which is the same size as the partition on your NT machine. To access that file as a filesystem and read through the files use the following Mkdir /NTPartition Mount /NTMACHINE.dd /NTPartition -o loop=/dev/loop3 Now when you cd into the /NTPartition directory you will see all the files from your NT machine. Yes inclusing the sam files etc. Would also work to clone an NT machine to another NT machine as a copy for booting etc. Just run netcat and dd on both from floppy or even a linux both floppy. Hope this helps Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: haji din [mailto:ahbh99 () yahoo com] Sent: 24 February 2003 06:38 To: Trevor Cushen Subject: RE: tools used to examine a computer hi trever< would appreciate if you could send the details of cloning a windows machine with DD and Netcat . Thanks __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ ************************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or postmaster () sysnet ie **************************************************************************************
Current thread:
- Re: Checkpoint NG - SMTP Guard Features, (continued)
- Message not available
- Re: Checkpoint NG - SMTP Guard Features Mel (Feb 20)
- RE: tools used to examine a computer Trevor Cushen (Feb 20)
- RE: tools used to examine a computer H C (Feb 20)
- RE: tools used to examine a computer Robinson, Sonja (Feb 20)
- RE: tools used to examine a computer Trevor Cushen (Feb 20)
- RE: tools used to examine a computer H C (Feb 20)
- RE: tools used to examine a computer Trevor Cushen (Feb 20)
- RE: tools used to examine a computer H C (Feb 20)
- RE: tools used to examine a computer Trevor Cushen (Feb 22)
- RE: tools used to examine a computer Robinson, Sonja (Feb 22)
- RE: tools used to examine a computer Trevor Cushen (Feb 24)
- RE: tools used to examine a computer H C (Feb 25)
- RE: tools used to examine a computer Tim V - DZ (Feb 25)
- RE: tools used to examine a computer Trevor Cushen (Feb 25)
- ntpasswd compatibility w/RAID systems David Moisan (Feb 26)
- RE: tools used to examine a computer Trevor Cushen (Feb 25)
- RE: tools used to examine a computer David Moisan (Feb 26)