News: cloudcomputing congress Europe 2010

Well for quite some time I’ve been thinking about whether to attend the conference. As per the website the advantages of attending the conference are:

network

How-to: Cloning a (Laptop) Hard Drive using DD over the network

As hard drives are growing, dying or trying to evade us, the need for cloning disks is growing fast. There are many uses for cloning disks, including:

  • forensics work - you need an exact copy of the drive in order to reconstruct the data
  • backup - you need an exact copy of the drive in order to restore it when (not if) the drive dies, or the data is lost
  • outgrowing the disk - the oh-so-big disk you got some years ago is stuffed and ready to explode
  • stealing the content - you may want to copy the contents from someone else without their consent (this is illegal in most countries, mind you!)
  • just for fun - learning how to do stuff, having fun.

Many other reasons may exist too, and whatever reason you have to copy your drive, I will explain how I clone disks easily and quickly, using a slave computer (a server with plenty of disk space), exposed to the network from where I want to copy the disk, and a Linux boot CD (I usually use a CF-card with my CF-card reader instead, as it is easily disguised as a photo holding card for my camera).

 

Pre Requisites:

  • Master HD (this would be the Hard drive you want to clone/copy) I will use the HD on my X41 in this example, and I will not be removing it
  • Laptop with a working network (I use a cabled network, due to speed and ease of configuration)
  • A slave computer with plenty of disk, and connected to the network (preferably the same segment to save time, but could be over Internet if both systems have access, and your firewall is set up accordingly)
  • Linux on the slave computer (use your preferred distro)
  • Linux on a stick, CD or memory card of some kind (Knoppix is a good one, but use your preferred distro)
  • One clean, fresh hard drive which is empty and ready (you will be cloning sector by sector, all content at once, which may overwrite anything on that slave hard drive)

 

WARNING:

This How-to comes with no warranties WHATSOEVER. Whatever you choose to do, whatever results you get, is YOUR DOING ONLY, and neither Roer.com nor I will accept ANY LIABILITY. You risk losing all your data, you risk jail (if the data is not your own), you risk embarrassment. And you probably risk a lot more, but you have your own imagination to dream of that yourself. YOU HAVE BEEN WARNED.

 

Setting up the slave/server

Unless you have a Linux server (or workstation) running, go and set it up now. Make sure it is connected to the network, and that DD and Netcat are installed and available to you. Not sure how? Google is your friend!

With your server ready, open up a terminal and find your local IP address by your favorite method. I simply issue ifconfig:

ifconfig and hit enter

And there I find my eth0 IP-address to be 192.168.0.99.

I will need to know this when I want to connect from the laptop later.

Next, I will tell my slave to set up netcat to accept connections on port 9901 (just pick a number, try to avoid the "popular" ports like 80, 8080, 21 etc). This will be the door through which your slave expects your laptop to connect. After the netcat command, I pipe the output into the DD command, telling DD to use my device /dev/sdc (make sure you know which drive to use on YOUR setup. You can do that by using fdisk or parted or gparted etc. Not sure how? Google is still your friend!)

Command to issue in your terminal:

sudo su and hit enter

(this will give you root rights, which you may need to issue the next commands. You may need to enter your password too).

nc -l -p 9901 | dd of=/dev/sdc and hit enter

The -l is to set up Netcat to listen, and -p is to tell it what port to listen on. The of switch of DD is to tell DD where to save the data. Google and MAN are great friends here.

NOTE: Please make sure that you use the RIGHT hard drive - in MY setup, I use sdc, but you may be using sdb or sda or any other drive.

Your slave is ready to take your data!

 

Setting up the master

Now that the slave is ready to take your data and save them to the disk, it is time to prepare your master drive - the hard drive you would like to clone. First, you need a startup device. You may use a live CD, a USB-Stick, floppy or any other means of booting that your computer accepts. In my case, the X41 comes without a CD/DVD reader, so I need to use a USB-device. I opt for my CF-Card and the card reader I have, and install Linux on it.

So boot from the startup device you created, with your favorite flavour of Linux.

When the computer is up and running, check that you have network access to the other (slave computer) by a simple ping. (I always do simple checks like these before I go on doing heavier stuff, to reduce the number of possible errors later).

Again, you want to know the address to your hard drive. You are free to use your tool of choice. fdisk is a friend:

fdisk -l and hit enter

The disk I want is /dev/sda (my x41 is a SATA system, giving my disk a SCSI address. A PATA drive would be /dev/hdX where X would be a letter).

Next thing to do is simply to issue the DD command, with a tube to Netcat. It looks like this:

dd if=/dev/sda | nc 192.168.0.99 9901 and hit enter

The if tells DD where to copy/clone from, and the nc statements are pretty self explanatory, I should think. The IP-address to the slave computer, and the port number we told it to listen on before.

Now all you need is to sit back and relax while the data (preferably yours) are flying across the universe of bits and bytes!

Keep in mind that this may take some time. A lot of time, actually, if you have some data. So go fetch a cup of coffee, grab lunch, or just go home and come back tomorrow.
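Once the transfer finishes, the "exact copy" claim can be checked by hashing both ends. The following is an added example, not part of the original how-to: the function names are hypothetical, and two constructed image files stand in for /dev/sda and /dev/sdc, with a local pipe in place of the netcat link.

```shell
#!/bin/sh
# Added example: verify a dd clone by comparing SHA-256 digests.
# Function names and the constructed image files are assumptions.

# Size in bytes of a file or block device.
src_size() { wc -c < "$1" | tr -d ' '; }

# SHA-256 of the first N bytes of PATH.
hash_prefix() { head -c "$2" "$1" | sha256sum | cut -d' ' -f1; }

# Succeeds only if DST starts with a byte-for-byte copy of SRC.
# The target drive is often larger than the master, so hashing the whole
# target would never match; only the master's length is compared.
verify_clone() {
    n=$(src_size "$1")
    [ "$(hash_prefix "$1" "$n")" = "$(hash_prefix "$2" "$n")" ]
}

# Constructed stand-ins: a 64 KiB "master" and a 128 KiB "slave" that
# still holds old data.
make_sample_disks() {
    yes 'constructed sample sector data' 2>/dev/null | head -c 65536 > "$1"
    head -c 131072 /dev/zero | tr '\000' 'U' > "$2"
}

# The pipe stands in for the netcat link; conv=notrunc makes the file
# behave like a fixed-size block device instead of being truncated.
clone() { dd if="$1" 2>/dev/null | dd of="$2" conv=notrunc 2>/dev/null; }

demo() {
    work=$(mktemp -d) || return 1
    make_sample_disks "$work/master.img" "$work/slave.img"
    clone "$work/master.img" "$work/slave.img"
    if verify_clone "$work/master.img" "$work/slave.img"; then
        echo "clone verified: $(hash_prefix "$work/master.img" 65536)"
    else
        echo "MISMATCH: clone differs from master"
    fi
    rm -rf "$work"
}
demo
```

Plain netcat neither encrypts nor authenticates the stream, so keep the transfer on a trusted segment; the hash comparison is what shows whether the data changed on the way.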

 

Why would you need this?

DD over network is particularly interesting regarding forensics IMO. It is easy and quick to set up, and you clone the disk byte by byte, so it will copy EVERYTHING, even data that someone has tried to erase. It also copies the data regardless of errors on the drive. And most importantly, it leaves the original hard drive untouched, so it can still be used as evidence if ever needed.

Another bonus is that having the clone, you can leave the owner of the hard drive working as normal, while you can examine the content in calmness.

You may also do the clone to a USB drive, which is faster. This comes in handy when on the road, or at a client location and your server has not been prepared. In my lab, on the other hand, I prefer to use the network.

 

Another use of this is to set up a clone of a system before you go about testing stuff. Like checking out how viruses function, how hacker tools work etc.

 

And of course it is a great way to steal data. If you do not realize what is going on under your nose, someone might be copying drives at your place right now.

 

Restoring a copy

If you at some point need to restore your clone back to the original hard drive, you simply do the same, just changing the roles of the two computers - making the slave into master, and the master into slave.

 

Comments? Ideas? Please share!

A cuckoo in the nest - Apple plants itself in the network of the Telco

The iPhone has become one of the most wanted devices on the mobile phone market 2008. No surprise there. With Apple's previous history of gadget success, this more or less had to happen.

And although Apple makes money on these devices, Apple has decided to tap into the ongoing, continuous revenue stream of their Telco partners. According to the Register, if you want to provide iPhone to your clients, you are required to add an Apple networking device in your datacenter.

At first glance, this is only to provide the customers with the services required for the iPhone to function properly.

At next glance, you see that the device is able to capture and control the dataflow to and from any iPhones connected through that Telco.

So what?

By controlling the actual dataflow to and from the device, Apple may now gather information and habits, and control the way their users are actually using the iPhone. This also means that they may adapt content (advertisements) to the habits of the users - much like Google does on the web.

It also may enable services like pay-per-view and strict access control. As well as full monitoring of the content and communication.

According to the Register, this may become a threat to the Telco, as the Telcos themselves have been dreaming of such a tool for ages. Some have tried too - but due to too big differences on the device side, identifying and controlling the content has not yet succeeded.

I think that Apple will share their technology with their Telco partners - the Telcos I know would never allow a technology partner to control everything - unless they get revenue back.

I predict that Apple and the Telco's will walk this road hand-in-hand, all the way to the bank.

And the customers?

Nothing has really changed. You still get the bill. And you might perceive the new technology as a better service to you.

Which in my book means this is a typical Win-Win-Win situation.

And the security?

Well, you are already monitored and analyzed, so this makes no big change. The data quality is better, so the analyses will be of a higher value, which in turn will give you better ads!

---

Telco = TELeCOmmunication Company

Setting up your security lab

Many of my readers are curious about hacking, testing and the ins and outs of setting up a security testing facility.

So here goes a nice white paper authored by Harry Bulbrook at the Durham Technical Community college, explaining how to set up a secure lab for testing and learning. It is a year old, but it still is a great resource that enables you to easily set up and maintain your lab without interfering with your production network.

Jamparii - another scam?

I get many strange invitations in my email. Today's selection is from a company that calls itself Biztime Limited, based in the UK. They have a new Social Networking idea - called Jamparii. Sure we can use that (pun). Their plan is to let me make a profit as they become the next MySpace and Youtube. In other words, they want my money.

The invitation came by an Ecademy group. I quit Ecademy 18 months ago because back then I felt many users were only interested in MLM and promoting scams. Even though I have canceled my account, and am no longer available on Ecademy, they continue to send me emails from their forums. That is another post, I guess!

So back to Jamparii - they ask me to give them £1 000,- in exchange for a Founder Life Membership. And a potential revenue share:

Our strategy is to create a small group of just 250 Founder Life Members, who will be the centre pillars of Jamparii and will benefit both as life members but also financially as shareholders. We already have a number in place but there are still plenty of places left. Your investment will be under £1,000 and you will have the opportunity to earn and win more shares during the first year or so.

 

So - I will win more shares during the first year or so. Sounds like the MLM game that took Europe by storm a few years back - you played around with virtual stocks, and made a profit based upon how many people you recruited. World Game Inc. it was called, before it was called a bluff.  

Further fuel to my presumption is the fact that 3 750 Founder members are also invited. So - we have Founder Life members who will win shares, and Founder members who pay to enter. Then add regular, paying members - they will provide the profit up the lane. Or so it may sound.

They start their story like this:

When we hear of the huge sums of money that are being paid for these web platforms do you wish that you had thought them up or had a stake in them?

Well here is an opportunity for you to do just that! - Read on and see for yourself!

 

I am sorry. If I had such an idea, last thing I would do is to tell everyone. I would have people use it. Not try to sell it like a scam.

Thus, I suggest Jamparii is a scam, and time will show who is right. I will have to apologize if they actually end up like MySpace or Youtube - walking away with a huge lump of money.

Member of the Security Bloggers Network

Today I became a member of the Security Bloggers Network over at Feedburner. Boy, am I proud? That means Alan at Stillsecure has visited and found my blog to measure up to the high standards. (I did have to poke him a couple of times, though!)

I am proud and honored!  If you do not know the Security Bloggers Network, I suggest you pay it a visit!
