This blog is a place used for notes and writing about various technical problems and projects worked on. Quite often the posts will be incomplete and some are likely to remain incomplete forever.

Hopefully some of it may be of passing interest, or maybe provide some assistance.

Please leave a comment. Or if you feel generous, click on an ad or two

Dec 19

“dd” is the linux command for taking byte by byte copies of files. Since a hard disk behaves sort of like a big file in linux, we can use “dd” to take a copy or image.

It is a good idea to zero all free space on the original disk before taking the image. This will make the empty space easier to compress. So if possible, mount the original disk, cd onto it and run the following commands to create file to fill the remaining hard disk space with zeros, you can then delete the file.

# dd if=/dev/zero of=delete.me bs=8M
# rm delete.me

Then to take the image of a disk detected as /dev/sda

# dd if=/dev/sda conv=sync,noerror bs=64K | gzip -c  > sda-dd-image.gz

You could have omitted the gzip bit to create an uncompressed image.

# dd if=/dev/sda conv=sync,noerror bs=64K of=sda-dd-image.gz

To check your progress, you can open another terminal and send the dd process a kill -USR1 signal.

# watch -n 10 killall -USR1 dd

To restore, use

# gunzip -c sda-dd-image.gz | dd of=/dev/sda conv=sync,noerror bs=64K

Or if you are restoring from an uncompressed image

# dd if=image.dd of=/dev/sda conv=sync,noerror bs=64K

You can also mount an uncompressed image without restoring it back to a drive. There is a little bit of maths to figure out where the partition starts.

First run fdisk on your disk image

# fdisk -l -u -C 592 /media/sdb1/image.dd

Disk /media/sdb1/image.dd: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders, total 156301488 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xb1579d08
Device                Boot Start End       Blocks    Id System
/media/sdb1/image.dd1 *    63    156280319 78140128+ 7  HPFS/NTFS/exFAT

This shows that the partition we are interested in starts at sector 63. So multiply by 512 bytes per sector, our partition starts at byte 32256.
Make a folder to mount the image on, and then mount it as follows

# mkdir /media/loop
# mount -o loop,offset=32256 -t ntfs /media/sdb1/image.dd /media/loop

Check all is present with

# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1             78140128   3895592  74244536   5% /media/sda1
/dev/sdb1            1442145212 1368096272    792140 100% /media/sdb1
/dev/loop2            78140128   5566440  72573688   8% /media/loop
Posted in Uncategorized | No Comments »
Dec 14

To stop Microsoft Security Essentials from the command line or a batch file.

sc stop MsMpSvc

taskkill /f /im msseces.exe

Stopping the service will pop up a warning message which is handled by “msseces.exe”. SO we need to kill that process to

To start it again, you can try. This will run the scanner service, but may not show up in the system tray.

sc start MsMpSvc

 

Regards

Posted in Uncategorized | No Comments »

Recent Posts

Categories

Archives