Forrest logo
back to the dcfldd tool

dcfldd:tldr:d4f6d

dcfldd: Copy a disk to a raw image file, hashing each 1 GB chunk.
$ dcfldd if=/dev/${disk_device} of=${file-img} hash=${select} hashlog=${file-hash} hashwindow=${1G}
try on your machine

This command is using the utility "dcfldd" to perform a data copy and hashing operation on a disk device.

Here is a breakdown of the command:

  • "dcfldd" is a forensic acquisition tool similar to the "dd" command, but with additional features like hashing.
  • "if=/dev/${disk_device}" specifies the input file (in this case, a disk device). The value of "${disk_device}" is expected to be provided by the user, and it represents the path to the disk device (e.g., /dev/sda).
  • "of=${file-img}" specifies the output file name. The value of "${file-img}" is expected to be provided by the user, and it represents the desired output file name.
  • "hash=${select}" specifies the hashing algorithm to be used during the data copy operation. The value of "${select}" is expected to be provided by the user, and it represents the selected hashing algorithm (e.g., md5, sha1, etc.).
  • "hashlog=${file-hash}" specifies the file path where the hash values will be logged. The value of "${file-hash}" is expected to be provided by the user, and it represents the desired log file path.
  • "hashwindow=${1G}" specifies the size of the hash window. In this case, "1G" represents 1 gigabyte. This parameter controls the chunk size in which the input is hashed before being written to the output file.

Overall, this command executes the data copy operation from the specified disk device, while also performing hashing on the copied data using the chosen algorithm. It logs the hash values produced during the operation to a specified file path. The hash window is set to 1GB, meaning that the data is hashed in 1GB chunks.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the dcfldd tool