Options For This
Howto

Free Support
Paid Support

Navigation

[+] Expand

[-] Collapse

Howtos

Linux

Android
CentOS

Debian
Fedora
Kernel

Mandriva
PCLinuxOS
SuSE

Ubuntu

Web Server

Apache
Cherokee
Lighttpd

nginx

Backup
Control Panels

ISPConfig

DNS

BIND
MyDNS
PowerDNS

djbdns

Desktop
Email

Anti-Spam/Virus
Postfix

FTP
High-Availability
Monitoring

MySQL
Programming

C/C++

PHP

Samba

Security

Anti-Spam/Virus

Storage

Virtualization

KVM
OpenVZ

VMware
VirtualBox
Xen

Other
FreeBSD

Commercial

Mini-Howtos
Forums

Contribute
Subscription
Login

Search

Search

Search

Search

Register

Login

Contribute

Subscribe

RSS

News

FAQForge

ISPConfig

Subscribe

Contribute

Forums

Howtos

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

1 z 10

2011-11-27 14:46

Site Map/RSS Feeds

User login

Username:

Password:

Remember Me?

Create a new account
Request new password

Facebook

Znajdź nas na
Facebooku

HowtoForge

Lubię to!

W tyczka
społecznościowa
Facebooka

Who's online

There are currently 17
users and 3320 guests
online.

HowtoForge
Forums

upgrade error

Create 1st Website
on Linux Centos
6.0 with ...

ubuntu and nginx
database access

Maybe I am missing
something with
users/clients ...

Ubuntu 11.10,
ISPConfig 3.0.4.1
needs some ...

Destination on
subnet unreachable

bashrc and default
home dir

Who's logged on
ispconfig port 81

PHP sites stop
loading - Apache
continues to ...

ubuntu mount
points

News

Screen Commands to
Work Remotely on Linux

Linux Mint 12 Review

opensource Asset
Managment software :
OCSInventory Ng

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

2 z 10

2011-11-27 14:46

Announcement: Patch for
RapidDisk (rxdsk) 1.3 to
build for 2.6.18

Scoregasm 70% off

GNUstep Objective-C
Runtime 1.6 Released

Softpedia Linux Weekly,
Issue 175

openSUSE 12.1 KDE
Review

Koha trademark grab: US
firm backs down

Windows Port Of GTK+3 Is
Improving

more

Recent comments

It works like a charm! :)

4 hours 39 min ago

Slightly outdated?

8 hours 53 min ago

Small improvement to the
script

13 hours 51 min ago

Re: Getting
'rpcbind&#039 ;
error

21 hours 22 min ago

Re: erorr install suPHP

1 day 4 hours ago

Instead of uncompress
files

1 day 4 hours ago

Saying Thanx

1 day 18 hours ago

Re: Nice post Kyle, thank
you

2 days 12 hours ago

Hi!Can you please post
HowTo

2 days 22 hours ago

centos

3 days 7 hours ago

Newsletter

Subscribe to
HowtoForge
Newsletter
and stay informed about
our latest HOWTOs and
projects.

enter email address

(To unsubscribe from
our newsletter, visit this

link

.)

English |

Deutsch

|

Site Map/RSS Feeds

|

Advertise

You are here:

Home

»

Howtos

»

Linux

»

Ubuntu

» Creating A Dd/dcfldd Image Using Automated Image & Restore (AIR)

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

3 z 10

2011-11-27 14:46

0

0

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR)

Want to support HowtoForge? Become a

subscriber

!

Submitted by

dream1600

(

Contact Author

) (

Forums

) on Mon, 2007-03-05 18:47. ::

Ubuntu

|

Backup

Creating a dd/dcfldd Image Using Automated Image &
Restore (AIR)

What is Automated Image & Restore

Automated Image & Restore (AIR) is an open source application that provides

a GUI front end to the dd/dcfldd (Dataset Definition (dd)) command. AIR is

designed to easily create forensic disk/partition images. It supports

MD5/SHAx hashes, SCSI tape drives, imaging over a TCP/IP network, splitting

images, and detailed session logging. To date, the AIR utility has only been

developed for use on Linux distributions. In its simplest form, AIR provides a

convenient interface to execute the dd set of commands. It eliminates the risk of "fat fingering" an error in the shell terminal

and ultimately makes using the dd command more user-friendly for those who are not as experienced. Please note that using

the AIR front end still requires some basic knowledge of how the dd (or dcfldd) commands work.

The dd command has been around for quite a while. It is well known throughout the Unix/Linux community, well documented,

and as I can only imagine extensively used. A dd image is a bit by bit image of a source device or file. The uses for dd range

from creating and maintaining system backups and restore images to the forensic application of imaging evidence that will be

returned to the lab and examined.

This tutorial is not designed to teach the use of the dd command; this is well documented and a simple internet search will yield

a plethora of results. Instead, the intent of this mini "how-to" is to introduce users to the AIR front end application, increase

overall awareness of the utility, and provide a brief example of creating a dd image using this tool.

DISCLAIMER: I do not claim to be expert at using dd or Automated Image & Restore.

Setting up AIR

The first thing you will want to do is download and install the latest version of the AIR application. The AIR application is

available for download at

www.sourceforge.net/projects/air-imager

.

Once you have downloaded the files to your system, decompress, extract, and install the application. [In this example, I have

downloaded the .tar.gz package and will display the commands related to this particular file type]

-- Make sure you are in a root shell

sudo -s

-- Check your current directory to make sure you are in the right location to access the package you downloaded

pwd

-- Decompress and extract ("untar") the AIR files

tar -zxvf /path/air-1.2.8.tar.gz

-- If you desire, this is a good time to read the README.txt file

-- Switch to your AIR directory

cd /path/air-1.2.8

-- Run the install script

./install-air-1.2.8

The AIR GUI

Send

Like

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

4 z 10

2011-11-27 14:46

Note that AIR does not work on all Linux distributions. Refer to the project information on sourceforge.net and the README.txt

file for a list of known supported distibutions - I am using Ubuntu which is not among the list. Ubuntu can still run AIR,

however, some functionality is unavailable. Now that you have successfully downloaded and installed the application, run AIR in

root shell by typing "air" in the terminal. AIR will run through a series of checks and the GUI will launch automatically.

Take a moment to familiarize yourself with the AIR GUI. Note how the buttons and options relate to various dd commands that

can be used in the terminal.

Creating a dd Image Using AIR

For this exercise, we will create a dd image of a .jpg in the root folder and copy it to a CD-ROM. AIR will run the commands

behind the scenes that will create the image and copy it to the CD-ROM. (In a real scenario, this .jpg could very easily

represent a compromised hard drive or other piece of evidence).

First, select the source device or file that you would like to image. This can be a particular drive/partition, a file such as a .jpg, a

folder, or any number of other items on a computer. We'll select /root/ectf.jpg which is the original file.

Next, select the destination device/file where you would like the image to be copied. We'll choose /dev/hdc which represents

the CD/DVD drive.

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

5 z 10

2011-11-27 14:46

[Note, selecting the source and destination devices/files can be done a few different ways:

A. Choose source/destination from the drop-down list in the toolbar - may not be available if using an unsupported Linux

distribution

B. Click the folder button to browse folders on your system

C. Click on the desired "Connected Devices" button at the bottom of the application and set as source or destination

D. Type the known path in the source/destination window]

After identifying the source and the destination, choose the desired block size of your source and destination devices/files. It is

recommended that these match. This step requires some knowledge of your source device/file and an understanding of block

sizes. [General information on block sizes can be found through web search].

Lastly, you are presented with a few options to tailor your image. Here you have the ability to choose device/file compression,

hash method, and whether or not you would like to verify the hashes post image.

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

6 z 10

2011-11-27 14:46

0

0

At this point, you have identified all the necessary criteria to create your dd image. Click "Start" and let AIR do the rest. Click

on "Show Status Window" to view the commands which AIR is running in the background. The status window will display a

detailed logging summary. This is where you can view the data transfer status and hash verification results.

IMPORTANT: The hash values MUST be identical to ensure you have an exact dd image of the source device/file.

Congratulations! You have just created a dd image using the Automated Image & Restore GUI front end application.

Copyright © 2007 Greg

All Rights Reserved.

add comment

|

view as pdf

|

print

Please do not use the comment function to ask for help! If you need help, please use our

forum

.

Comments will be published after administrator approval.

I was able toCreate a

Submitted by Anonymous (not registered) on Tue, 2008-12-09 20:54.

I was able toCreate a dd/dcfldd Image Using Automated Image & Restore (AIR). Now I would like to restore it into a Virtual Machine. Could

somebody please help? TIA.

Send

Like

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

7 z 10

2011-11-27 14:46

reply

|

view as pdf

Re: I was able toCreate a

Submitted by Anonymous (not registered) on Tue, 2009-12-01 08:39.

Sun Virtualbox (multi-platform freeware from virtualbox.org) has a command line utility that can convert raw disk images (e.g. dd

images) to either VDI (Sun Virtualbox), VMDK (e.g. vmware) or VHD (Microsoft) virtual machine disk images. See the

Virtualbox user

manual

, and lookup or search for the command "VBoxManage convertfromraw".

Example command:

VBoxManage convertfromraw --format VMDK --variant fixed ImageFile.dd OutputFile.vmdk

This command would take a dd image file called ImageFile.dd and create a byte by byte file (i.e. non-compressed, and approximately

the same size as the dd file) called OutputFile.vmdk.

Though the post I am replying to on this is quite old, I hope this is able to help someone who may come across this topic via search.

reply

|

view as pdf

Re: Re: I was able toCreate a

Submitted by Anonymous (not registered) on Tue, 2011-02-01 14:58.

Check out LiveView - http://liveview.sourceforge.net/

LiveView makes converting dd images to VMs easy.

reply

|

view as pdf

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR)

Submitted by

appyjack

(registered user) on Sun, 2008-04-13 18:30.

Yikes - another missing part...

When air starts, you may get a nasty message about encrypting data.

If you do, in a terminal (again)...

sudo apt-get install cryptcat

(You will need to restart air for this to go away)

reply

|

view as pdf

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR)

Submitted by

appyjack

(registered user) on Sun, 2008-04-13 18:26.

Ok - update from last post:

if you get the message complaining about Perl/Tk,

go to a terminal and do this: sudo apt-get install perl-tk

That solves the second missing point. The installation will continue as expected.

reply

|

view as pdf

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

8 z 10

2011-11-27 14:46

Creating dd images with AIR on Ubuntu 7.10

Submitted by

appyjack

(registered user) on Sun, 2008-04-13 18:18.

The instructions leave out some important points for Ubuntu 7.10

If you get this - FATAL ERROR:

"The uudecode program could not be found on your system..."

Then run this in the terminal - sudo apt-get install sharutils

I also got this:

"Perl/Tk is not installed on your system or you have a version

(0) other than what is called for, so for the installation

to proceed, it will have to be downloaded from the CPAN site on

the Internet. This means your system must be connected to a

network with Internet access and properly configured. If you

can surf the web then you should be okay.

Once Perl/Tk is downloaded (approx 5.8M), it will automatically

be compiled and installed."

I checked perl --version and got -

This is perl, v5.8.8 built for i486-linux-gnu-thread-multi

Copyright 1987-2006, Larry Wall

So, I'm not sure which version of Perl this is looking for, but I'm not continuing with the installation until I get it sorted out. If it's looking for

an older version of Perl, then maybe the package needs updating...

reply

|

view as pdf

Re: Creating dd images with AIR on Ubuntu 7.10

Submitted by Anonymous (not registered) on Wed, 2010-02-24 15:25.

This is typical Linux installation where nothing works.

Typical advice is "You just type this and this and then it's atomatically installed..." NOT IT'S NOT

This is so DOS.

"Perl/Tk is not installed on your system or you have a version

(804.028) other than what is called for, so for the installation

to proceed. Once Perl/Tk is downloaded, it will automatically be compiled

and installed."

hahahah - SO WHAT'S THE VERSION YOU ARE LOOKING FOR? SOME LEGACY VERSIONS OR WHAT? JESUS - GET A LIFE!

This Application got all the AIR out of the system... These kind of installations is why people uses Windows. Catastrophic...

reply

|

view as pdf

Howtos

|

Mini-Ho wto s

|

Fo rums

|

News

|

Search

|

Contribute

|

Subscription

Site Map/RSS Feeds

|

Advertise

|

Contact

|

Disclaimer

|

Imprint

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

9 z 10

2011-11-27 14:46

Copyright © 2011 HowtoForge - Linux Howtos and Tutorials

All Rights Reserved.

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR) ...

http://www.howtoforge.com/creating_dd_images_with_air

10 z 10

2011-11-27 14:46