MD5SUM question

iupui95 · 08-05-2002, 05:18 AM

Hi everybody. New here.

Problem is I am trying to run a MD5 hash on a suspect HDD and then copy with DD. Problem is HDD has errors and causes MD5SUM to abort with input/output error.

Is there a workaround or maybe a different version of MD5 to remedy this?

Thanks.

unSpawn · 08-05-2002, 06:20 AM

I would dd it first, and *then* try massaging data, because then you can work on (a copy of) the backup which is safer in case of fsck ups.

If you're doing forensics, I would like to redirect you to porcupine.org for TCT, or Google Sourceforge for "Biatchux" the bootable cd with TCT/TCT-utils *and Perl* already prepped on it. TCT requires practice tho.

Another thing, if you're running into suspect files, Google the 'net for "the Honeypot project". Their Scan Of the Month dir contains a lot of info like approach/analysis which can be beneficial speeding up/recognizing stuff.

HTH somehow

iupui95 · 08-05-2002, 05:11 PM

Thank you for replying.

I agree you would never want to work on original. I didn't mention that DD chokes on this drive too. Also gives Input/output error. I have imaged other drives with this system so I know it is the suspect drive.
Just don't know how to work around to get image.