- Magnetic media
- Optical media
Magnetic media (3.5" floppy disks, Zip disks)
- Physical write-protection
- TD3 Forensic Imager
Optical media (CD-ROMs)
- dd
For optical media, using the dd command is one of the simplest options for capturing a raw image.
The basic anatomy of a dd command:
dd if=path/to/fileinput of=path/to/fileoutput.iso bs=512 conv=noerror
- "if" designates the source media (your CD)
- the command "diskutil list" is helpful, if you want to see the volumes you have mounted (CDs are often "/dev/disk2", but this is an easy way to confirm that)
- "of" designates your target directory/file output
- "bs" refers to "block size" or bit-transfer rate, 512 is the default r/w rate, but can be fairly slow for disks that hold a lot of data – as you can see in my example below, I use a block size of 65536
- "conv=noerror" tells the Terminal not to stop processing if it encounters an input error
Sample command with "tee":
dd if=/dev/disk2 bs=65536 conv=noerror,sync | tee /Volumes/Untitled/2017009_02_001/2017009_02_001_diskimage/2017009_02_001_diskimage.iso | md5 > /Volumes/Untitled/2017009_02_001/2017009_02_001_diskimage_md5.txt
This command is formatted differently because I want to generate multiple outputs. The first segment of the command looks fairly similar to what I've described above (the source media, blocksize, and conv operands are all present); the second segment looks familiar, too – this is where my first output is directed (my target), which is the actual .iso disk image; and the third segment directs the utility to generate an md5 checksum for the .iso file and output it to a text file.