resurrecting-open-source-projects / dcfldd

Enhanced version of dd for forensics and security
GNU General Public License v2.0

Add diffwr option #13

Closed szolnokit closed 1 year ago

szolnokit commented 1 year ago

'diffwr': write to output only if the destination block content differs [on/off]. Default: off (works like the original dcfldd)

A good feature if the destination device is an SSD/flash/thumb drive and only some parts of the source and destination(s) are different. For example: restoring an SSD from an image file. The total speed is much faster, because of reading instead of a full device write. And the smaller quantity of writes does not wear the SSD/flash device.

It works not only on block devices, but also on plain image files as destination.

Tested many times with image files as source and real flash devices as destination, with destination re-checking. I used this feature in practice in my forensic job, when I restored an SSD system disk cyclically. After every boot, I needed to restore the SSD disk from the original image, again and again. Because only small parts of the system disk were modified at every boot, the "different write" was much faster and more "gentle" than a full disk write. Without this feature, the full disk restore was half an hour; with diffwr it was only minutes. But the result on the SSD was the same bit-by-bit.

The diffwr feature affects the full_write function only. It does not affect any other dcfldd functions in any way. This feature is error proof. If reading the destination is not possible in any way before the write, it falls back to the default write operation. This ensures that the result on the destination will always be complete. In the full_write function, debugging is possible (#if 1) to see which blocks are really written.

Fixed, and improved a little bit. Now this setting can be changed before every 'of' option, like the 'split' option. For example:

dcfldd in=foo of=out1 diffwr=on of=out2 diffwr=off of=out4 of=out5

In the example, different write will be used only for "out2".

I hope the forensics community will use this feature happily.
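
The read-compare-write behaviour described in the comment above, including the fallback to a plain write when the destination cannot be read, sketched in C as an added example. This is not the code from this pull request or dcfldd's full_write(); the function names and the restore_image helper are hypothetical.

```c
/* Added illustration, not dcfldd's full_write(); all names are hypothetical. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read/write up to len bytes, retrying short transfers; return bytes done. */
static size_t read_full(int fd, unsigned char *buf, size_t len) {
    size_t got = 0;
    ssize_t n;
    while (got < len && (n = read(fd, buf + got, len - got)) > 0)
        got += (size_t)n;
    return got;
}

static size_t write_full(int fd, const unsigned char *buf, size_t len) {
    size_t put = 0;
    ssize_t n;
    while (put < len && (n = write(fd, buf + put, len - put)) > 0)
        put += (size_t)n;
    return put;
}

/* Returns 1 if the block was written, 0 if skipped as identical, -1 on error.
 * A failed or short read, or a non-seekable output, falls back to a plain write. */
int diff_write_block(int fd, const unsigned char *src, size_t len) {
    off_t start = lseek(fd, 0, SEEK_CUR);
    unsigned char *cur = (start >= 0) ? malloc(len) : NULL;
    if (cur != NULL) {
        int same = read_full(fd, cur, len) == len && memcmp(cur, src, len) == 0;
        free(cur);
        if (same)
            return 0;               /* offset already advanced past the block */
        if (lseek(fd, start, SEEK_SET) < 0)
            return -1;
    }
    return write_full(fd, src, len) == len ? 1 : -1;
}

/* Restore img (nblk blocks of blk bytes) onto path; returns blocks written. */
int restore_image(const char *path, const unsigned char *img, size_t nblk, size_t blk) {
    int r = 0, written = 0, fd = open(path, O_RDWR | O_CREAT, 0600);
    for (size_t i = 0; fd >= 0 && r >= 0 && i < nblk; i++) {
        r = diff_write_block(fd, img + i * blk, blk);
        written += (r > 0);
    }
    if (fd >= 0) close(fd);
    return (fd < 0 || r < 0) ? -1 : written;
}
```

The count returned by restore_image shows how many blocks actually reached the device, which is the number that matters for flash wear and restore time.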

davidpolverari commented 1 year ago

Sorry for the delay. I have been busy because of work, but I think I will be able to review your newest changes today.

davidpolverari commented 1 year ago

PS: as changes are minimal, and the project is not subject to a lot of changes so often, I could merge the PR as it is, and make the required changes myself later, in case you don't have a problem with that.

Please let me know which way you prefer. Thanks!

davidpolverari commented 1 year ago

Merged. I'll make the adjustments soon. Thanks for your contribution!