[Pauldotcom] Anti-forensic tools

Joshua Wright jwright at hasborg.com
Thu Jul 2 21:15:47 UTC 2009


I just wanted to point out that my post about copying lemonparty.jpg is
the only one that works natively on Windows, the target platform based
on the use of "of=\\.\f:".  ;P

Points for the person who figures out how to do this with a Windows FOR
loop.

-Josh

Grymoire wrote:
>> dd if=lemonparty.jpg of=\\.\f: bs=512
> 
> First of all, there is no need to use if= and of= - that's provided as
> a backwards compatibility to JCL (HELLO! we're talking punched cards)
> Use < and > instead.
> 
> i.e.
> 
>  dd <lemonparty.jpg >\\.\f: bs=512
> 
> And yes, when the end of file is reached, dd will halt.
> It does not loop the data. 
> Perhaps you can 
> 
> 		1) seek blocks before writing
> 
> 		2) Use a bigger file
> 
> For number 1, I think you can do something like (untested)
> 
> count=0
> while [ $count -lt 500 ]
> do 
>  dd <lemonparty.jpg >\\.\f: seek=$count bs=512
>  count=`expr $count + 1`
> done
> 
> 
> For #2, you can use any of these sources of data:
> 		yes | dd bs=512 count=500 >\\.\f:
> 		no | dd bs=512 count=500 >\\.\f:
> 		dd bs=512 count=500 </dev/zero  >\\.\f:		
> 		dd bs=512 count=500 </dev/urandom  >\\.\f:		
> 
> 
> Usually people use the last one.
> 
> And they repeat it if they want to make sure the data has been overwritten.
> 
> 
> I suppose you could do
> while true
> do
> 		cat lemonparty.jpg
> done | dd bs=512 count=500 >\\.\f:
> 
> 
> Hope that helps 
> (new member here - first post)
> 
> Grymoire
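An added example, not part of either poster's message: it reproduces the behaviour discussed in the thread against scratch files rather than a device (dd stops at end of input, so a looped source is needed to repeat the pattern) and then verifies the result. The function names and the constructed 1400-byte pattern are assumptions made here, and `head -c` is assumed to be available.

```shell
#!/bin/sh
# Added example: works on scratch files only, never on a device node.
BLOCK=512

# One dd pass, as in the quoted command: dd stops at end of input, so the
# output is exactly as long as the pattern file. Prints the bytes written.
single_pass() {            # single_pass PATTERN IMAGE
    dd bs="$BLOCK" <"$1" >"$2" 2>/dev/null
    wc -c <"$2" | tr -d ' '
}

# Repeat PATTERN until BLOCKS * 512 bytes are written. "while cat" ends the
# loop once the reader closes the pipe; head -c takes an exact byte count,
# whereas dd count= counts reads and a pipe read can return a short block.
fill_repeating() {         # fill_repeating PATTERN IMAGE BLOCKS
    [ -s "$1" ] || return 1   # an empty pattern would never finish
    while cat "$1"; do :; done 2>/dev/null | head -c "$(($3 * $BLOCK))" >"$2"
}

# Succeeds only if IMAGE is PATTERN repeated (the last copy may be cut short).
verify_repeating() {       # verify_repeating PATTERN IMAGE
    plen=$(wc -c <"$1" | tr -d ' '); ilen=$(wc -c <"$2" | tr -d ' ')
    [ "$plen" -gt 0 ] || return 1
    chunk=$(mktemp) || return 1
    off=0; rc=0
    while [ "$off" -lt "$ilen" ]; do
        n=$(($ilen - $off)); [ "$n" -gt "$plen" ] && n=$plen
        tail -c "+$(($off + 1))" "$2" 2>/dev/null | head -c "$n" >"$chunk"
        head -c "$n" "$1" | cmp -s - "$chunk" || { rc=1; break; }
        off=$(($off + $n))
    done
    rm -f "$chunk"
    return "$rc"
}

# Demo on constructed data: a 1400-byte stand-in for the picture.
work=$(mktemp -d)
awk 'BEGIN { for (i = 0; i < 100; i++) printf "constructed%02d\n", i }' >"$work/p"
echo "single pass: $(single_pass "$work/p" "$work/a.img") bytes"
fill_repeating "$work/p" "$work/b.img" 500
echo "looped fill: $(wc -c <"$work/b.img" | tr -d ' ') bytes"
verify_repeating "$work/p" "$work/b.img" && echo "fill verified"
rm -rf "$work"
```

The verification step is the part worth keeping when checking a sanitization pass: it fails as soon as any pattern-sized chunk of the image differs from the source pattern.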