What are the main differences between dd_rescue, dcfldd, and dd? In what situations would you use one over the other? Why are there three different yet similar programs?
Answer
The three are different, and the two variants are derived for the needs of specific communities. dd is a general purpose software for imaging, dd-rescue is designed to rebuild damaged files from multiple passes and sources, and forensic dd variants are designed to make verifiable, legally sound copies.
dd is the baseline version - it's the generic product, so to speak. dd is designed to make a bit perfect copy. It's what you use when you want to make a disk image, with no fancy add-ons. dd does one thing well, and absolutely nothing else. While there are distinct GNU and BSD versions, their functionality and commands are identical to both the Unix dd, and a previous software made for the IBM JCL.
GNU ddrescue is optimised for data recovery - it will note down where bad sectors are, and will attempt to fill in those areas with data from subsequent runs. As a result, the aim is to get files that are readable, as opposed to bit perfect. You will want to use it to recover data from a drive you suspect is damaged. To confuse things, there's an older ddrescue which is not as advanced or easy to use, so check which one you're using. On Ubuntu, GNU ddrescue is installed by the package gddrescue (and you want this, not the older ddrescue package) and is invoked by the command ddrescue.
Ddrescue does not write zeros to the output when it finds bad sectors in the input, and does not truncate the output file if not asked to. So, every time you run it on the same output file, it tries to fill in the gaps without wiping out the data already rescued.
Automatic merging of backups: If you have two or more damaged copies of a file, cdrom, etc, and run ddrescue on all of them, one at a time, with the same output file, you will probably obtain a complete and error-free file. This is so because the probability of having damaged areas at the same places on different input files is very low. Using the logfile, only the needed blocks are read from the second and successive copies.
dcfldd and other forensic dd variants are designed to make forensic copies. These need to be bit perfect AND verifiable. Use this when you absolutely need to know that a copy and subsequent copies are identical to the original - forensic dd variants add additional features such as hashing.
From the website, additional features of dcfldd are:
Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity.
Status output - dcfldd can update the user of its progress in terms of the amount of data transferred and how much longer operation will take.
Flexible disk wipes - dcfldd can be used to wipe disks quickly and with a known pattern if desired.
Image/wipe Verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern.
Multiple outputs - dcfldd can output to multiple files or disks at the same time.
Split output - dcfldd can split output to multiple files with more configurability than the split command.
Piped output and logs - dcfldd can send all its log data and output to commands as well as files natively.
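
The multi-pass merge and the hash verification described in the answer above, as an added Python simulation that is not part of the original answer and is not code from ddrescue or dcfldd. The names `DamagedCopy`, `rescue_pass` and `demo`, the 512-byte block size and the sample data are all constructed for illustration.

```python
import hashlib

BLOCK = 512  # block size for this constructed sample

class DamagedCopy:
    """Constructed stand-in for a damaged source; bad blocks raise OSError."""
    def __init__(self, data, bad_blocks):
        self.data, self.bad, self.attempts = data, set(bad_blocks), 0

    def read_block(self, n):
        self.attempts += 1
        if n in self.bad:
            raise OSError(f"read error at block {n}")
        return self.data[n * BLOCK:(n + 1) * BLOCK]

def rescue_pass(source, image, pending):
    """Read only the blocks still pending and return those that remain unread.

    Rescued blocks are never rewritten and failed blocks are left as gaps,
    so the returned set plays the role of the map file between runs.
    """
    missing = set()
    for n in sorted(pending):
        try:
            image[n * BLOCK:(n + 1) * BLOCK] = source.read_block(n)
        except OSError:
            missing.add(n)
    return missing

def demo():
    # Constructed 8-block "original" and three copies damaged in different places.
    original = bytes((i * 7 + i // BLOCK) % 256 for i in range(8 * BLOCK))
    copies = [DamagedCopy(original, bad) for bad in ({1, 5}, {2, 5, 6}, {0})]
    image = bytearray(len(original))      # preallocated output, reused every run
    pending, history = set(range(8)), []
    for src in copies:
        pending = rescue_pass(src, image, pending)
        history.append((src.attempts, sorted(pending)))
    # Forensic-style check: the merged image must hash to the same value.
    verified = hashlib.sha256(image).digest() == hashlib.sha256(original).digest()
    return history, verified

if __name__ == "__main__":
    print(demo())
```

Block 5 is damaged in the first two copies, so it stays pending until the third copy supplies it; only then does the image hash match.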