- Magnetic media
- Optical media
Magnetic media (3.5" floppy disks, Zip disks)
- Physical write-protection
- TD3 Forensic Imager
Optical media (CD-ROMs)
- dd
For optical media, using the dd command is one of the simplest options for capturing a raw image.
The basic anatomy of a dd command:
dd if=path/to/fileinput of=path/to/fileoutput.iso bs=512 conv=noerror
- "if" designates the source media (your CD)
- the command "diskutil list" is helpful, if you want to see the volumes you have mounted (CDs are often "/dev/disk2", but this is an easy way to confirm that)
- "of" designates your target directory/file output
- "bs" refers to "block size" or bit-transfer rate, 512 is the default r/w rate, but can be fairly slow for disks that hold a lot of data – as you can see in my example below, I use a block size of 65536
- "conv=noerror" tells the Terminal not to stop processing if it encounters an input error
Sample command with "tee":
dd if=/dev/disk2 bs=65536 conv=noerror,sync | tee /Volumes/Untitled/2017009_02_001/2017009_02_001_diskimage/2017009_02_001_diskimage.iso | md5 > /Volumes/Untitled/2017009_02_001/2017009_02_001_diskimage_md5.txt
This command is formatted differently to generate multiple outputs. The first segment of the command looks fairly similar to what I've described above (the source media, blocksize, and conv operands are all present); the second segment looks familiar, too – this is where my first output is directed (my target), which is the actual .iso disk image; and the third segment directs the utility to generate an md5 checksum for the .iso file and output it to a text file.