You are in front of a Linux shell and you need to split your TeraByte of evidence in a FATA32 Hard Disk. You don’t have time to think.
This work for version: 6.12.3 (HELIX3PRO last version 2010).
dc3dd if=/dev/sda progress=on hashconv=after hash=md5,sha1 hashwindow=2GB splitformat=000 split=2GB log=/…path…/logfile.txt bs=512 iflag=direct conv=noerror,sync of=/…path…/IMAGE
It make:
- Multiple files of 2GB
- HASH: all chunk with MD5 and SHA1
- HASH: TOTAL IMAGE (MD5 and SHA1)
- Create a LOG file.
To verify the work:
dc3dd if=/dev/sda progress=on hashconv=after hash=md5,sha1 hashwindow=2GB splitformat=000 split=2GB verylog=/…path…/verfile.txt bs=512 iflag=direct conv=noerror,sync vfjoin=/…path…/IMAGE.000
BUT:
I recommend that you start by downloading dc3dd 7.0. You will find that this version does what you say you want to do, with a simplified command line.
You may obtain the software here: http://sourceforge.net/projects/dc3dd/
Richard Cordovano
Software Engineer (Contractor – General Dynamics)
Department of Defense Cyber Crime Center (DC3)