Yes. dcfldd is a bit for bit copy of the drive. All bits, including deleted files, etc., are included.
Does dcfldd allow me to mirror the disk in such a manner as to include deleted files? I can not swap drives. I need to obtain an image with which I can "undelete" files that were conventionally erased.
Will dcfldd provide such an image?
Paul Schmehl (pauls@xxxxxxxxxxxx) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/