more on JOHLEM.NET

+--------------------------------------------+
|   DD Command Cheat Sheet for IT Security   |
+--------------------------------------------+

1. Basic File Copying
   Command:     dd if=[source_file] of=[destination_file]
   Explanation: Copies the content of source_file to destination_file.
   Example:     dd if=/path/to/sourcefile of=/path/to/destinationfile

2. Creating a Disk Image
   Command:     dd if=/dev/sdX of=/path/to/disk_image.img
   Explanation: Creates an image of a disk (sdX) and saves it as disk_image.img.
   Example:     dd if=/dev/sda of=/mnt/backup/disk.img

3. Cloning a Disk to Another Disk
   Command:     dd if=/dev/sdX of=/dev/sdY
   Explanation: Clones everything from disk sdX to disk sdY.
   Example:     dd if=/dev/sda of=/dev/sdb

4. Secure Deletion of Data
   Command:     dd if=/dev/zero of=/dev/sdX
   Explanation: Overwrites entire disk sdX with zeros, securely erasing data.
   Example:     dd if=/dev/zero of=/dev/sdb

5. Creating a Fixed Size File
   Command:     dd if=/dev/zero of=/path/to/file bs=1M count=100
   Explanation: Creates a file of 100MB filled with zeros.
   Example:     dd if=/dev/zero of=/tmp/100MBfile bs=1M count=100

6. Backup of a Partition
   Command:     dd if=/dev/sdXN of=/path/to/backup.img
   Explanation: Creates a backup image of a specific partition (sdXN).
   Example:     dd if=/dev/sda1 of=/mnt/backup/partition.img

7. Restoring from an Image
   Command:     dd if=/path/to/disk_image.img of=/dev/sdX
   Explanation: Restores a disk image to a specified disk.
   Example:     dd if=/mnt/backup/disk.img of=/dev/sda

8. Copying with Progress Report
   Command:     dd if=/dev/sdX of=/dev/sdY status=progress
   Explanation: Clones disk sdX to sdY with a progress report.
   Example:     dd if=/dev/sda of=/dev/sdb status=progress

9. Creating an ISO from a CD/DVD
   Command:     dd if=/dev/cdrom of=/path/to/cd.iso
   Explanation: Creates an ISO image from a CD/DVD drive.
   Example:     dd if=/dev/cdrom of=/tmp/mydisk.iso

10. Secure Wipe with Random Data
   Command:     dd if=/dev/urandom of=/dev/sdX
   Explanation: Securely wipes the disk by overwriting it with random data.
   Example:     dd if=/dev/urandom of=/dev/sdb

11. Data Recovery from a Failing Disk
   Command:     dd if=/dev/sdX of=/path/to/recovery.img conv=noerror,sync
   Explanation: Attempts to recover data from a failing disk, skipping bad sectors.
   Example:     dd if=/dev/sda of=/mnt/recovery/recovery.img conv=noerror,sync

12. Network-Based Disk Cloning
   Command:     dd if=/dev/sdX | ssh user@remote_host dd of=/dev/sdY
   Explanation: Clones a local disk to a remote disk over SSH.
   Example:     dd if=/dev/sda | ssh user@example.com dd of=/dev/sdb

13. Backup of an Encrypted Disk
   Command:     dd if=/dev/mapper/encrypted_partition of=/path/to/backup.img
   Explanation: Creates an image of an encrypted partition.
   Example:     dd if=/dev/mapper/encrypted-sda1 of=/mnt/backup/encrypted.img

14. Monitoring DD Progress with pv
   Command:     pv -petra -s $(du -sb /dev/sdX | awk '{print $1}') (md5sum > /path/to/hash.txt) | dd of=/path/to/forensic_copy.img
   Explanation: Creates a forensic copy of a disk with an MD5 hash for integrity.
   Example:     dd if=/dev/sda | tee >(md5sum > /mnt/hash.txt) | dd of=/mnt/forensic.img

25. Convert a File to Uppercase
   Command:     dd if=/path/to/textfile of=/path/to/uppercasefile conv=ucase
   Explanation: Converts all lowercase letters in a file to uppercase.
   Example:     dd if=/tmp/lowercase.txt of=/tmp/uppercase.txt conv=ucase

26. Creating a Fixed Size Sparse Image
   Command:     dd if=/dev/zero of=/path/to/sparse.img bs=1 count=0 seek=100G
   Explanation: Creates a 100GB sparse image file which doesn't use full space initially.
   Example:     dd if=/dev/zero of=/mnt/sparse.img bs=1 count=0 seek=100G

27. Checking Disk Write Performance
   Command:     dd if=/dev/zero of=/tmp/testfile bs=1G count=1 oflag=dsync
   Explanation: Tests write performance of a disk by writing a 1G file.
   Example:     dd if=/dev/zero of=/tmp/testfile bs=1G count=1 oflag=dsync

28. Checking Disk Read Performance
   Command:     dd if=/path/to/testfile of=/dev/null bs=1G
   Explanation: Tests read performance of a disk.
   Example:     dd if=/mnt/testfile of=/dev/null bs=1G

29. Batch Copy Multiple Files
   Command:     tar cf - file1 file2 | dd of=/path/to/destination.tar
   Explanation: Uses tar and dd together to batch copy multiple files.
   Example:     tar cf - file1.txt file2.txt | dd of=/mnt/batch.tar

30. Direct Copying Between Two Network Hosts
   Command:     On the destination host: nc -l [port] | dd of=/dev/sdY
                On the source host:      dd if=/dev/sdX bs=4M | nc [destination_host] [port]
   Explanation: Copies a disk over a network using netcat (nc). Start the listener on the destination host first.
   Example:     On the destination host: nc -l 1234 | dd of=/dev/sdb
                On the source host:      dd if=/dev/sda bs=4M | nc 192.168.1.2 1234

31. Byte-level Data Recovery
   Command:     dd if=/dev/sdX of=/path/to/recovered_data bs=512 skip=[error_sector] count=[remaining_sectors]
   Explanation: Recovers data starting from a specific sector, bypassing bad sectors.
   Example:     dd if=/dev/sda of=/mnt/recoverydata bs=512 skip=10000 count=50000

32. Overwriting Specific File Contents
   Command:     dd if=/dev/zero of=/path/to/targetfile bs=1M seek=[offset_in_MB] count=[size_in_MB] conv=notrunc
   Explanation: Overwrites a specific part of a file with zeros. conv=notrunc keeps the data after the overwritten range.
   Example:     dd if=/dev/zero of=/tmp/importantfile bs=1M seek=10 count=5 conv=notrunc

33. Creating a Compressed Disk Image
   Command:     dd if=/dev/sdX bs=1M | gzip > /path/to/compressed_image.img.gz
   Explanation: Creates a compressed image of a disk using gzip.
   Example:     dd if=/dev/sda bs=1M | gzip > /mnt/compressed.img.gz

34. Restoring a Compressed Disk Image
   Command:     gzip -dc /path/to/compressed_image.img.gz | dd of=/dev/sdX
   Explanation: Restores a compressed disk image.
   Example:     gzip -dc /mnt/compressed.img.gz | dd of=/dev/sda

35. Secure Deletion of a Specific File
   Command:     dd if=/dev/urandom of=/path/to/file bs=1M count=$(stat -c %s /path/to/file) iflag=count_bytes conv=notrunc
   Explanation: Securely overwrites a specific file with random data. count limits the write to the file's current size.
   Example:     dd if=/dev/urandom of=/tmp/sensitivefile bs=1M count=$(stat -c %s /tmp/sensitivefile) iflag=count_bytes conv=notrunc

36. Disk Duplication with Compression for Storage Efficiency
   Command:     dd if=/dev/sdX bs=4M | bzip2 -c > /path/to/disk_image.bz2
   Explanation: Creates a compressed disk image using bzip2 for more efficient storage.
   Example:     dd if=/dev/sda bs=4M | bzip2 -c > /mnt/disk_image.bz2

37. Restoring a bzip2 Compressed Disk Image
   Command:     bzip2 -dc /path/to/disk_image.bz2 | dd of=/dev/sdX
   Explanation: Restores a disk image compressed with bzip2.
   Example:     bzip2 -dc /mnt/disk_image.bz2 | dd of=/dev/sdb

38. Creating an Encrypted Disk Image
   Command:     dd if=/dev/sdX bs=4M | openssl enc -aes-256-cbc -out /path/to/encrypted_image.img
   Explanation: Creates an AES-256 encrypted disk image.
   Example:     dd if=/dev/sda bs=4M | openssl enc -aes-256-cbc -out /mnt/encrypted.img

39. Restoring an Encrypted Disk Image
   Command:     openssl enc -d -aes-256-cbc -in /path/to/encrypted_image.img | dd of=/dev/sdX
   Explanation: Restores an AES-256 encrypted disk image.
   Example:     openssl enc -d -aes-256-cbc -in /mnt/encrypted.img | dd of=/dev/sdb

40. Disk Verification Post-Cloning
   Command:     dd if=/dev/sdX bs=4M | md5sum; dd if=/dev/sdY bs=4M | md5sum
   Explanation: Generates MD5 checksums for verification after disk cloning.
   Example:     dd if=/dev/sda bs=4M | md5sum; dd if=/dev/sdb bs=4M | md5sum

41. Differential Data Copying for Backup
   Command:     dd if=/dev/sdX bs=4M | diff /path/to/previous_backup.img - | dd of=/path/to/differential_backup.img
   Explanation: Creates a differential backup by comparing and copying only changed data.
   Example:     dd if=/dev/sda bs=4M | diff /mnt/prev_backup.img - | dd of=/mnt/diff_backup.img

42. Low-Level Memory Analysis
   Command:     dd if=/dev/mem of=/path/to/memory_dump bs=1M
   Explanation: Dumps the contents of physical memory to a file for analysis.
   Example:     dd if=/dev/mem of=/tmp/memdump bs=1M

43. Boot Sector Backup
   Command:     dd if=/dev/sdX of=/path/to/boot_sector_backup bs=512 count=1
   Explanation: Creates a backup of the boot sector of a disk.
   Example:     dd if=/dev/sda of=/mnt/bootsector.bak bs=512 count=1

44. Restore Boot Sector
   Command:     dd if=/path/to/boot_sector_backup of=/dev/sdX bs=512 count=1
   Explanation: Restores the boot sector from a backup.
   Example:     dd if=/mnt/bootsector.bak of=/dev/sda bs=512 count=1

45. Raw Network Interface Data Dump
   Command:     dd if=/dev/net/tun of=/path/to/network_dump bs=1M
   Explanation: Dumps raw network interface data for analysis.
   Example:     dd if=/dev/net/tun of=/tmp/netdump bs=1M

46. Securely Wipe Free Space with a Custom Pattern
   Command:     dd if=<(yes "CUSTOMPATTERN" | tr -d '\n') of=/path/to/mounted_volume/wipe.tmp bs=1M; rm /path/to/mounted_volume/wipe.tmp
   Explanation: Overwrites free space in a mounted volume with a custom pattern by filling a temporary file until the volume is full, then deleting it.
   Example:     dd if=<(yes "CUSTOMPATTERN" | tr -d '\n') of=/mnt/volume/wipe.tmp bs=1M; rm /mnt/volume/wipe.tmp

47. Disk Data Recovery with Error Logging
   Command:     dd if=/dev/sdX of=/path/to/recovery.img conv=noerror,sync 2> /path/to/error.log
   Explanation: Recovers data from a disk with error logging for bad sectors.
   Example:     dd if=/dev/sda of=/mnt/recovery.img conv=noerror,sync 2> /tmp/error.log

48. Swapping Byte Order for Endianness Conversion
   Command:     dd if=/path/to/inputfile of=/path/to/outputfile conv=swab
   Explanation: Converts the byte order of a file (endianness).
   Example:     dd if=/tmp/original.dat of=/tmp/swapped.dat conv=swab

49. Creating a Zipped Disk Image for Efficient Remote Transfer
   Command:     dd if=/dev/sdX bs=4M | zip > /path/to/disk_image.zip
   Explanation: Creates a zipped disk image for space-saving and easier transfer.
   Example:     dd if=/dev/sda bs=4M | zip > /mnt/disk_image.zip

50. Block-Level Redundant Array of Independent Disks (RAID) Backup
   Command:     dd if=/dev/mdX of=/path/to/raid_backup.img bs=4M
   Explanation: Backs up an entire RAID array to an image file.
   Example:     dd if=/dev/md0 of=/mnt/raid_backup.img bs=4M

+----------------------------------------------------------------------+
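
Entry 14 hashes the stream while imaging and entry 40 hashes both disks after cloning. The script below is an added example, not part of the original cheat sheet, that does both and shows a one-byte change to the image being caught. It uses sha256sum in place of the page's md5sum; the function names and the regular file standing in for /dev/sdX are assumptions.

```shell
#!/bin/sh
# Added example. A regular file stands in for /dev/sdX so it runs unprivileged.
set -eu

# Image SRC to IMG and hash the same byte stream in a single read of the source.
# Records the digest beside the image and prints it.
acquire() {
    a_src=$1; a_img=$2
    a_sum=$(dd if="$a_src" bs=4M 2>/dev/null | tee "$a_img" | sha256sum | cut -d' ' -f1)
    printf '%s  %s\n' "$a_sum" "$(basename "$a_img")" > "$a_img.sha256"
    printf '%s\n' "$a_sum"
}

# Re-read IMG from disk and compare it with the digest recorded at acquisition.
verify() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" ) >/dev/null 2>&1
}

# Entry 40's check: hash two devices (or files) separately and compare.
same_content() {
    s_a=$(dd if="$1" bs=4M 2>/dev/null | sha256sum | cut -d' ' -f1)
    s_b=$(dd if="$2" bs=4M 2>/dev/null | sha256sum | cut -d' ' -f1)
    [ "$s_a" = "$s_b" ]
}

# Constructed sample: 3 MiB of zeros plus a 7-byte trailer as the "evidence disk".
demo() {
    d=$(mktemp -d)
    dd if=/dev/zero of="$d/evidence.raw" bs=1M count=3 2>/dev/null
    printf 'trailer' >> "$d/evidence.raw"
    acquire "$d/evidence.raw" "$d/evidence.img" >/dev/null
    verify "$d/evidence.img" && same_content "$d/evidence.raw" "$d/evidence.img" \
        && echo "image matches source"
    # Change one byte inside the image; conv=notrunc keeps the rest of the file.
    printf 'X' | dd of="$d/evidence.img" bs=1 seek=1000 conv=notrunc 2>/dev/null
    verify "$d/evidence.img" || echo "tampering detected"
    rm -rf "$d"
}
demo
```

The recorded digest only proves integrity if the .sha256 file is stored where the image cannot be modified alongside it.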
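
Entries 11 and 47 use conv=noerror,sync, which pads every short input block with NUL bytes, so the image can end up longer than the source and fail the hash comparison from entry 40 even when no sector was bad. This added example (not from the original cheat sheet) measures that padding and trims it; the function names and the regular file standing in for the failing disk are assumptions, and no read errors are simulated.

```shell
#!/bin/sh
# Added example. A regular file stands in for the failing disk.
set -eu

digest()  { sha256sum < "$1" | cut -d' ' -f1; }
# For a real block device use: blockdev --getsize64 /dev/sdX
size_of() { wc -c < "$1" | tr -d ' '; }

# Entry 11's invocation with an explicit block size: rescue_image SRC IMG BS
rescue_image() {
    dd if="$1" of="$2" bs="$3" conv=noerror,sync 2>/dev/null
}

# Bytes of NUL padding that conv=sync appended: padding SRC IMG
padding() {
    echo $(( $(size_of "$2") - $(size_of "$1") ))
}

# Cut the image back to the source length so the two can be compared by hash.
trim_to_source() {
    truncate -s "$(size_of "$1")" "$2"
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: 10 sectors plus 100 bytes, not a multiple of 4096.
    dd if=/dev/zero bs=5220 count=1 2>/dev/null | tr '\0' 'A' > "$d/disk.raw"
    rescue_image "$d/disk.raw" "$d/disk.img" 4096
    echo "padding at bs=4096: $(padding "$d/disk.raw" "$d/disk.img") bytes"
    [ "$(digest "$d/disk.raw")" = "$(digest "$d/disk.img")" ] \
        || echo "hash mismatch before trim"
    trim_to_source "$d/disk.raw" "$d/disk.img"
    [ "$(digest "$d/disk.raw")" = "$(digest "$d/disk.img")" ] \
        && echo "hash match after trim"
    rm -rf "$d"
}
demo
```

The block size also sets how much data is zero-filled around each unreadable sector, so a small bs such as the sector size loses less per error at the cost of speed.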