Using dd over ssh to create a binary disk dump backup/copy over a network or internet / Forensic Training / binsec.wiki | pentesting - secure coding - forensic

Create local binary copy with dd

Binary copies of hard disks or even individual partitions can be created with dd. Typically dd is called locally to create an image or clone a drive or partition. Let's assume that we want to create a binary copy of /dev/xvdc3 and save it in a file /tmp/xvdc3.dd:

sudo dd if=/dev/xvdc3 | dd of=/tmp/xvdc3.dd*

By using pv in the middle of the binary data stream, you can also see the current data rate.

sudo dd if=/dev/xvdc3 | pv | dd of=/tmp/xvdc3.dd

The backup of a partition can quickly cover several GB. So if you want to create an image from a disk on a server, the local free space is usually not sufficient.

Create remote binary copy with dd and store locally using SSH

With SSH you can transfer the binary data stream encrypted over a network. Let us assume that we want to save a binary copy of the /dev/xvdc3 partition from a server with the hostname forensic to the file /tmp/xvdc3.dd locally for a forensic analysis.

ssh admin@forensic "sudo dd if=/dev/xvdc3" | pv | dd of=/tmp/xvdc3.dd

Adding data compression of the data stream:

ssh admin@forensic "sudo dd if=/dev/xvdc3 | gzip" | gunzip | pv | dd of=/tmp/xvdc3.dd

Last modified: April 21, 2023

binsec GmbH

binsec GmbH is a consulting firm for information security and was founded in 2013 by security experts. Our team consists of experienced, certified specialists with different areas of expertise. Due to our extensive expertise in many different IT security fields, we can support our customers with a wide array of issues. Most of our customers are medium-sized companies, for whom security is pivotal to success.

Keywords

Linux