| TinyApps.Org |
| Small is beautiful |
HOME0. Internet
1. Text
2. Graphics
3. System
4. File
5. Misc
6. Palm
7. OS X
BLOG
DOCS
FAQ
RSS (?)
Extract strings from raw disk device or image #
After filling a hard drive with zeroes (followed by a quick format), I wanted to ensure that no sensitive data remained. My first thought was to use a disk editor/viewer like iBored or Disk Investigator, but scrolling through millions of blocks gets dull pretty quickly. So I tried piping dd to strings - bingo:
$ sudo dd if=/dev/rdisk2 bs=512 | strings -a QpQp EFI PART BSD 4.4 pEFI FAT32 Non-system disk Press any key to reboot RRaA rrAaA' ...Initially, I used sudo kill -s SIGINFO dd_pid to check on dd's progress, but then remembered dcfldd, an enhanced version of dd with a much better progress indicator (among many other improvements):
$ sudo dcfldd if=/dev/rdisk2 bs=512 | strings -a QpQp EFI PART ... 6144 blocks (3Mb) written.EFI ( 124928 blocks (61Mb) written. ...UPDATE: While looking for a hex editor that would search for non-matching patterns, I stumbled upon an even simpler solution: use hexdump or od (syntax is the same for both):
$ hexdump /dev/rdisk2 0000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 *Duplicate lines are truncated (as indicated by the asterisk) unless the -v option is specified:
$ od -v /dev/rdisk2 0000000 0000 0000 0000 0000 0000 0000 0000 0000 0000010 0000 0000 0000 0000 0000 0000 0000 0000 0000020 0000 0000 0000 0000 0000 0000 0000 0000 ...
/mac | Apr 14, 2010
Categories
Blosxom Archive
2012: 2 1
2011: 12 11 10 9 8 7 6 5 4 3 2 1
2010: 12 11 10 9 8 7 6 5 4 3 2 1
2009: 12 11 10 9 8 7 6 5 4 3 2 1
2008: 12 11 10 9 8 7 6 5 4 3 2 1
2007: 12 11 10 9 8 7 6 5 4 3 2 1
2006: 12 11 10 9 8 7 6 5 4 3 2 1
2005: 12 11 10
2011: 12 11 10 9 8 7 6 5 4 3 2 1
2010: 12 11 10 9 8 7 6 5 4 3 2 1
2009: 12 11 10 9 8 7 6 5 4 3 2 1
2008: 12 11 10 9 8 7 6 5 4 3 2 1
2007: 12 11 10 9 8 7 6 5 4 3 2 1
2006: 12 11 10 9 8 7 6 5 4 3 2 1
2005: 12 11 10
Blogger Archive
Ezine Archive