The dd command makes a bit-by-bit copy of a file, a filesystem, or even an entire hard drive. This means that even deleted files are copied (yes, it’s important to know that your deleted files may be recoverable), making for easy discovery and recovery. Deleted files will not be copied with most logical copying utilities, such as cp.
It’s worth noting that the dd command should not be used for typical day-to-day copying of files and storage devices because it is very slow; other commands do the job faster and more efficiently. It is, though, excellent when you need a copy of a storage device without the filesystem or other logical structures, such as in a forensic investigation.
The basic syntax for the dd command is as follows:
dd if=inputfile of=outputfile
kali >dd if=/dev/sdb of=/root/flashcopy
Let’s break down this command: dd is the physical “copy” command; if designates the input file, with /dev/sdb representing the flash drive in the /dev directory; of designates the output file; and /root/flashcopy is the name of the file that will receive the physical copy.
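As an added example (not from the original article), here is the same dd copy followed by the integrity check an examiner would run on the result, using a constructed 1 MiB file as a stand-in for /dev/sdb. The function names, the marker string and the choice of sha256sum as the hash tool are assumptions of this example.

```shell
#!/bin/sh
# Added example: image a source with dd, then prove the copy is bit-identical.

# image_and_verify SRC DST: copy SRC to DST with dd, then compare SHA-256
# digests. Returns 0 only if the copy succeeded and the digests match.
image_and_verify() {
    src=$1
    dst=$2
    dd if="$src" of="$dst" bs=4096 2>/dev/null || return 2
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum < "$dst" | cut -d' ' -f1)
    echo "source: $src_sum"
    echo "image:  $dst_sum"
    [ "$src_sum" = "$dst_sum" ]
}

# make_fake_device PATH: constructed stand-in for /dev/sdb (1 MiB of zeros)
# with a marker written at a raw offset, the way remnants of a deleted file
# sit in blocks that no filename points to any more.
make_fake_device() {
    dd if=/dev/zero of="$1" bs=4096 count=256 2>/dev/null || return 1
    printf 'DELETED-FILE-REMNANT' |
        dd of="$1" bs=1 seek=500000 conv=notrunc 2>/dev/null
}

# count_marker PATH: number of times the marker appears in the raw bytes.
count_marker() {
    grep -a -o 'DELETED-FILE-REMNANT' "$1" | wc -l | tr -d ' '
}

# demo: build the stand-in device, image it, and look for the remnant
# in the image. Everything lives in a temporary directory.
demo() {
    work=$(mktemp -d) || return 1
    make_fake_device "$work/fake_sdb" &&
        image_and_verify "$work/fake_sdb" "$work/flashcopy" &&
        echo "marker hits in image: $(count_marker "$work/flashcopy")"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo
```

Against a real drive the source would be the block device itself (for example /dev/sdb), which requires root to read.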