Image creation with dd

With dd, images of various media can be created. Whether you are creating image files of a hard disk, floppy disk images, or ISO/RAW images of a CD or DVD makes no difference to the syntax of the command.

The dd command is not specifically designed for this purpose; it does nothing more than shovel data from one file to another in a certain way. The fact that every device under Unix and Unix-like systems such as Linux is treated as a conventional file (e.g. /dev/dvd, /dev/sda) makes it possible to use dd in the manner described here.

ISO images and CD/DVD RAW images

For example, the following command is used to create a complete image of a CD/DVD:

dd if=/dev/dvd of=/pfad/wo/das/image/hin/soll/Image.img bs=1M && sync

For a USB stick:

dd if=/dev/sdY of=/path/to/the/Image.img bs=1M && sync

Afterwards, use the cmp command to check that all data was read correctly from the original medium:

cmp Image.img /dev/dvd

In the case of a data CD/DVD, the result is an ISO image, so it can easily be given the right name with

mv Image.img Image.iso

However, if it was an SVCD, bear in mind that no block size was specified in the dd command above and that in this case dd determined the block size itself, which for SVCDs is not 2048 as in the ISO format, but 2352. The result is then of course not a real ISO image but a RAW image, which as such could be burned back onto a CD using K3b or cdrdao. dd itself, however, cannot be used to burn to CD or DVD.

Floppy images

With the dd command you can also create floppy disk images and copy existing floppy images back to a floppy disk. The command to create one is again:

dd if=/dev/fd0 of=/path/where/the/image/to/should/Diskimage.img

The command to copy back such a floppy disk image is then appropriately:

dd if=Diskimage.img of=/dev/fd0

It is irrelevant whether a file system already exists on the floppy disk or not, as it will be mercilessly overwritten by dd. However, you should again check with cmp whether the data was read or written correctly. If an image written back to a floppy disk shows errors, the disk should be disposed of immediately, since media errors are then the likely cause and these can hardly be repaired (unless the disk is low-level formatted several times, i.e. without a file system, which is quite time-consuming and usually not worth the effort compared to the value of a floppy disk).

Disk images

Furthermore, dd is also used to create hard disk images. You can use it to save entire hard drives to a RAW image:

dd if=/dev/hdb of=/path/where/the/image/to/should/hdb-image.img

Or, for example, individual partitions:

dd if=/dev/hda6 of=/path/where/the/image/to/should/hda6-image

Danger: The hard disk/partition to be copied must not be mounted, otherwise any write access during the copying process can lead to defective image files!

Mount disk images

To mount hard disk images on another Linux system, you can proceed as follows (image = path to the image, e.g. /mnt/server.img):

# kpartx -a -v image
add map loop0p1 (253:0): 0 433692 linear /dev/loop0 63
add map loop0p2 (253:1): 0 64260 linear /dev/loop0 433755
#
# ls -l /dev/mapper/
total 0
lrwxrwxrwx 1 root root 16 Dec 7 02:18 control -> ../device-mapper
brw------- 1 root root 253, 0 Dec 7 14:13 loop0p1
brw------- 1 root root 253, 1 Dec 7 14:13 loop0p2

Now you can mount your partition:

# mount /dev/mapper/loop0p1 /mnt/
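
The sector offsets in the kpartx output can also be used to mount a partition read-only straight from the image file, which keeps the image unmodified. This added example (not part of the original article) parses the two mapping lines shown above; the function name kpartx_to_mounts and the /mnt mount point are assumptions, and it only prints the mount commands rather than running them.

```shell
#!/bin/sh
# Added example: turn "kpartx -a -v" output into read-only loop mount commands.
# Device-mapper tables count in 512-byte sectors.

kpartx_to_mounts() {   # $1 = image path, $2 = mount point, stdin = kpartx -v output
    while read -r verb kind name devno start length target backing offset; do
        # Only "add map <name> (<maj>:<min>): <start> <length> linear <dev> <offset>" lines.
        [ "$verb $kind" = "add map" ] || continue
        [ "$target" = "linear" ] || continue
        # offset/sizelimit confine the loop device to this one partition.
        printf '%s: mount -o ro,loop,offset=%s,sizelimit=%s %s %s\n' \
            "$name" "$(($offset * 512))" "$(($length * 512))" "$1" "$2"
    done
}

# The two mapping lines from the session above, used as sample input.
SAMPLE='add map loop0p1 (253:0): 0 433692 linear /dev/loop0 63
add map loop0p2 (253:1): 0 64260 linear /dev/loop0 433755'

printf '%s\n' "$SAMPLE" | kpartx_to_mounts /mnt/server.img /mnt
```

For ext3/ext4 images with an unclean journal, add noload to the options so that the journal is not replayed.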

Disk replication

However, you can just as well use this command for 1:1 copying of entire hard disks by attaching identical (!) hard disks to one system, for example using external USB hard disk enclosures, and then simply shoveling the raw data 1:1 from the input medium to the output medium with dd:

dd if=/dev/sda of=/dev/sdb

Depending on the size of the hard drive, this of course takes some time.

Hard disk images can also be created directly in compressed form by omitting the output file (of=), so that dd writes to standard output, and piping that output to a compressor:

dd if=/dev/hda | gzip --best > hda-Image.gz

This could then be copied back with:

gunzip -c hda-Image.gz | dd of=/dev/hda

Thanks to dd's ability to work in pipes, complex scripts can be built that, for example, create and restore such images across a network; see also the netcat manpage.
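
The cmp read-back check recommended in the CD/DVD and floppy sections applies equally to raw and compressed disk images. The following is an added example, not from the original article: the function names, file names and the SHA-256 sidecar file are assumptions, and a constructed file stands in for the device.

```shell
#!/bin/sh
# Added example. A source would be a device such as /dev/sdY; the demo uses a
# constructed regular file so it runs without hardware or root.

# Raw image: copy, flush, compare byte for byte, then record a digest.
image_raw() {
    dd if="$1" of="$2" bs=1M 2>/dev/null || return 2
    sync
    cmp -s "$2" "$1" || return 1      # image differs from the source
    sha256sum < "$2" > "$2.sha256"
}

# Compressed image: dd writes to stdout and gzip packs it (-9 is --best).
# dd's exit status is lost in the pipe, so the cmp against the source is
# what catches a short read.
image_gz() {
    dd if="$1" bs=1M 2>/dev/null | gzip -9 > "$2" || return 2
    sync
    gzip -t "$2" || return 1          # archive is structurally intact
    gunzip -c "$2" | cmp -s - "$1" || return 1
    gunzip -c "$2" | sha256sum > "$2.sha256"
}

# Later check: does the stored image still match the digest taken at imaging time?
image_unchanged() {
    case $1 in
        *.gz) now=$(gunzip -c "$1" 2>/dev/null | sha256sum) ;;
        *)    now=$(sha256sum < "$1") ;;
    esac
    [ "$now" = "$(cat "$1.sha256")" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed 64 KiB stand-in for a medium.
    dd if=/dev/zero bs=1024 count=64 2>/dev/null | tr '\0' 'A' > "$d/medium"
    image_raw "$d/medium" "$d/Image.img" && echo "raw image verified"
    image_gz  "$d/medium" "$d/Image.gz"  && echo "compressed image verified"
    # Simulate silent corruption of the stored raw image.
    printf 'X' | dd of="$d/Image.img" bs=1 seek=10 conv=notrunc 2>/dev/null
    image_unchanged "$d/Image.img" || echo "raw image no longer matches its digest"
    rm -rf "$d"
}
demo
```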

Boot sector backup

By specifying the block size and the number of blocks to be read, you can also use dd to save the master boot record of a hard disk, for example in order to back up GRUB.

dd if=/dev/hda bs=512 count=1 of=grub.img

An image created in this way is written back analogously to how it was created:

dd if=grub.img bs=512 count=1 of=/dev/hda
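
The restore command above writes back all 512 bytes, which includes the partition table stored in bytes 446 to 509 of the sector. This added example (not from the original article; the function names and the demo disk file are assumptions) restores only the 446 bytes of boot code, so a partition table changed since the backup is kept.

```shell
#!/bin/sh
# Added example. MBR sector layout: bytes 0-445 boot code, 446-509 partition
# table (4 x 16 bytes), 510-511 signature 0x55 0xAA.

# Save the full first sector, as in the command above.
mbr_backup() { dd if="$1" of="$2" bs=512 count=1 2>/dev/null; }

# Succeed only if the saved sector ends with the 55 AA boot signature.
mbr_has_signature() {
    [ "$(od -An -tx1 -j510 -N2 "$1" | tr -d ' \n')" = "55aa" ]
}

# Write back only the 446 boot-code bytes, leaving the target's current
# partition table untouched. conv=notrunc matters when the target is a file.
mbr_restore_bootcode() {
    mbr_has_signature "$1" || return 1
    dd if="$1" of="$2" bs=446 count=1 conv=notrunc 2>/dev/null
}

# Helpers for the constructed demo disk (a regular file, not a real device).
fill() { dd if=/dev/zero bs=1 count="$2" 2>/dev/null | tr '\0' "$1"; }
first_byte_at() { dd if="$1" bs=1 skip="$2" count=1 2>/dev/null; }

make_demo_disk() {   # boot code 'B', partition table 'P', valid signature, data 'D'
    { fill B 446; fill P 64; printf '\125\252'; fill D 1024; } > "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_disk "$d/disk.img"
    mbr_backup "$d/disk.img" "$d/grub.img"
    # Later: the disk is repartitioned ('Q') and the boot code is damaged ('X').
    fill X 446 | dd of="$d/disk.img" bs=1 conv=notrunc 2>/dev/null
    fill Q 64  | dd of="$d/disk.img" bs=1 seek=446 conv=notrunc 2>/dev/null
    mbr_restore_bootcode "$d/grub.img" "$d/disk.img"
    echo "boot code: $(first_byte_at "$d/disk.img" 0), partition table: $(first_byte_at "$d/disk.img" 446)"
    rm -rf "$d"
}
demo
```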

Alternatives to dd

The alternative to dd for media that has errors is ddrescue. Its syntax is identical to dd, but note that when a read error occurs, the data that was at the defective location naturally cannot be recovered; ddrescue simply replaces it with zeros. Furthermore, depending on the type of error, it may be necessary to specify the block size and the number of data blocks to be read.

Data destruction (!) and hard drive recycling

The dd command can also be used to permanently erase old data, similar to wipe for files. Something like this is required, for example, when companies want to resell old devices but also want to make sure that the previously stored sensitive company data cannot fall into the wrong hands.

dd if=/dev/zero of=/dev/sda

Even though this already makes it impossible to restore individual files or even the entire hard disk, you can still use /dev/urandom for “psychological reasons”.

dd if=/dev/urandom of=/dev/sda

Repeating this process has only one effect in both cases: you waste time. Due to the design of today's disks, it is practically impossible to restore data after it has been overwritten with zeros once (see the linked article from heise security).
