Great tutorial! However, you should make it shorter, in my opinion.

AFAIR the OP intended to write a (hand)-book on dd. Maybe he could tell us his present view?

If anyone wants a shorter one he/she can take what they want out of my op--thinly paraphrased of course--and write a shorter one. I guess I wonder, what do you want me to remove to make it shorter?

Ah, well, that leaves out the clarifications and additional information you and others added over time. So no book. Pity, but thanks anyway for this thread

I am, among other things, a professional writer. I inquired with several publishers about the possibility of writing a linux book. There were no takers, because everything is online. And there isn't much anyone can do about the length of the discussion thread.

dd
 

Hello, and thank you for halping me out a few times over the years. DD is awesome, and has helped me out loads.

Now, I want to ask about something specific with DD, and that is how to recover a text file which amazingly no undelete program seems to offer, by way of searching the contents for a string, and then saving, say 200kb before it, and 100 kb after it, into one file, on a different file system.

Something like this might be of use to save an email from the black hole of <whatever> or even an npp user from the occaisional freak behaviour of notepadplusplus.

So, I know a string "apply-online-for-student-finance" which was part of the file which I last wrote, and it had other useful stuff too, of which I cannot remember all, and I got as far as
dd if=/dev/sda1 | strings | grep 'apply-online-for-student-finance'

but got lost in all the whirlygig of stuff and couldn't complete.
is it possible someone can help me in my quest.

Thank you in advance

Well.... this is totally off topic from dd so likely you should start another thread...

I used to do this (with MUCH SMALLER disks/partitions that is common now) by using an editor and opening the disk partition (read only, and in binary mode -since it is text you are looking for this may be optional, AND with no swap file: vim -r -b -n /dev/whatever-partition). Then search for the string. When found you can use the editor to look before/after the string, and write only the part you want.

I'm not sure how vim does it now, because it has ben over 20 years since I did this with vi.

BTW, one problem this has is that files now can be more fragmented. Thus you may find the string - but that only locates one block (4k) of the file you want. To find other parts of the file you will have to identify other strings...

You can use hexedit to search (either in ASCII or in hex) and make modifications, with no limit on partition size. The modifications are limited to simple overwriting (no insertions or deletions). The modifications are kept in memory until you exit and choose to write out the changes, so the number of modifications is limited by the available memory.

(Sorry -- only read the immediately preceding post.)

I used to use xxd and grep. Or foremost...

Thanks for all your answers, and the other tools you have given which could possibly also solve the problem, although I would prefer to stick with DD and am as yet no closer to solving this little script.

dd is a very good tool - but all it does is copy data.

You asked for search. dd doesn't search.

The next problem was that you wanted to extract a 200k before and after a given string. Files are not stored that way. Each block MAY be stored separate from other blocks of the same file. Some filesystems will attempt to keep things together (ext4 does), it is not mandatory that it do so. Thus the most you can reliably get is the 4k block that contains the string. Note, the string itself may be split at a block boundary, and thus a search may not find it as searches expect things to be contiguous.

You can use the strings command to do searches. You can also use dd with grep.

strings (verb form) the whole drive
 

Just try $ strings -n 8 /dev/sda | grep 'apply\-online\-for\-student\-finance'

One problem with dd is that it fully processes every bit. That's slow. But if you really need every bit it's good. If you don't there are other tools.

I'm not sure if hexdump + grep works, because you have to search multiple lines in the ascii pane, and I'm not positive -B and -A switches search before and after, or just display before and after.

Thank you !

Clarification
 

You can always copy an ISO to a HDD. But if you want the HDD to boot, it has to be a hybrid ISO.