dd copies a file (from standard input to standard output by default) with a changeable I/O block size, optionally performing conversions on it. In practice, dd is often used to create bit-stream image files of media as part of a forensic acquisition process. dd is both powerful and flexible, but it has a somewhat complex command-line interface.

Historically, nearly every Linux/UNIX distribution has included a command known as dd (disk-to-disk). Its purpose was to make a bit-by-bit copy of any file, drive, or partition. Although most Linux distributions include dd, several variations have been developed and enhanced that make our forensic image acquisition process easier. Nearly every image acquisition tool out there, whether for Windows or Linux, is a variation on dd.

In Kali Linux we have a version of dd that was developed by the Department of Defense's Digital Computer Forensics Laboratory: dcfldd (presumably digital computer forensic laboratory dd). You will be using dcfldd to image a drive in this lab.

Attachments: DFF-Lab.docx
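The acquisition step described above, sketched as an added example (it is not part of the lab handout): it uses plain `dd` and `sha256sum` rather than dcfldd, and the "evidence" source is a constructed sample file, not a real drive. The function names `acquire_image`, `verify_image` and `demo` are made up for this example.

```shell
#!/bin/sh
# Added example: bit-stream copy with dd, verified by SHA-256.
# Assumes GNU coreutils (dd, sha256sum, head, mktemp) as found on Kali.

# acquire_image SRC DST [BS]
# Copies SRC to DST block by block, records the image hash in DST.sha256,
# and returns 0 only if the image hash equals the source hash.
acquire_image() {
    src=$1; dst=$2; bs=${3:-4096}
    # Hash the source first so the copy can be checked against it.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 2
    # No conv= options here: conv=sync pads a short final block with NULs,
    # which changes the hash when SRC is not a multiple of the block size.
    dd if="$src" of="$dst" bs="$bs" 2>/dev/null || return 2
    img_hash=$(sha256sum "$dst" | cut -d' ' -f1) || return 2
    # Acquisition record in the format sha256sum -c understands.
    printf '%s  %s\n' "$img_hash" "$dst" > "$dst.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image DST
# Re-checks an image against the hash recorded at acquisition time.
verify_image() {
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# Constructed demo: a random 1000003-byte file stands in for the drive.
# The size is deliberately not a multiple of the 4096-byte block size.
demo() {
    work=$(mktemp -d) || return 2
    head -c 1000003 /dev/urandom > "$work/evidence.bin"
    acquire_image "$work/evidence.bin" "$work/evidence.dd" 4096 \
        && verify_image "$work/evidence.dd"
    rc=$?
    rm -rf "$work"
    return $rc
}

if demo; then echo "image verified"; else echo "image mismatch"; fi
```

The recorded `.sha256` file lets the image be re-verified later, so any change to the image after acquisition shows up as a failed check.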

