Comments on Creating a dd/dcfldd Image Using Automated Image & Restore (AIR)

Creating a dd/dcfldd Image Using Automated Image & Restore (AIR)

Automated Image & Restore (AIR) is an open source application that provides a GUI front end to the dd/dcfldd (Dataset Definition (dd)) command. AIR is designed to easily create forensic disk/partition images. It supports MD5/SHAx hashes, SCSI tape drives, imaging over a TCP/IP network, splitting images, and detailed session logging. To date, the AIR utility has only been developed for use on Linux distributions. In its simplest form, AIR provides a convenient interface to execute the dd set of commands. It eliminates the risk of "fat fingering" an error in the shell terminal and ultimately makes using the dd command more user-friendly for those who are not as experienced. Please note that using the AIR front end still requires some basic knowledge of how the dd (or dcfldd) commands work.

8 Comment(s)

Comments

By:

The instructions leave out some important points for Ubuntu 7.10

If you get this -  FATAL ERROR:

"The uudecode program could not be found on your system..."

Then run this in the terminal - sudo apt-get install sharutils 

I also got this:

"Perl/Tk is not installed on your system or you have a version
(0) other than what is called for, so for the installation
to proceed, it will have to be downloaded from the CPAN site on
the Internet.  This means your system must be connected to a
network with Internet access and properly configured.  If you
can surf the web then you should be okay.

Once Perl/Tk is downloaded (approx 5.8M), it will automatically
be compiled and installed."

I checked perl --version and got -

This is perl, v5.8.8 built for i486-linux-gnu-thread-multi

Copyright 1987-2006, Larry Wall

So, I'm not sure which version of Perl this is looking for, but I'm not continuing with the installation until I get it sorted out. If it's looking for an older version of Perl, then maybe the package needs updating...

 

By: Anonymous

This is typical Linux installation where nothing works.

 

Typical advice is "You just type this and this and then it's automatically installed..." NOT IT'S NOT

 

This is so DOS.

"Perl/Tk is not installed on your system or you have a version
(804.028) other than what is called for, so for the installation
to proceed. Once Perl/Tk is downloaded, it will automatically be compiled
and installed."


hahahah - SO WHAT'S THE VERSION YOU ARE LOOKING FOR? SOME LEGACY VERSIONS OR WHAT? JESUS - GET A LIFE!

 

This Application got all the AIR out of the system... These kinds of installations are why people use Windows. Catastrophic...

By:

Ok - update from last post:

if you get the message complaining about Perl/Tk,

go to a terminal and do this: sudo apt-get install perl-tk

That solves the second missing point. The installation will continue as expected. 

 

By:

Yikes - another missing part...

When air starts, you may get a nasty message about encrypting data.

If you do, in a terminal (again)...

sudo apt-get install cryptcat

(You will need to restart air for this to go away) 
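
The three missing pieces reported in the comments above (uudecode, Perl/Tk, cryptcat) can be checked in one pass before running the AIR installer. This is an added example, not part of any comment or of the AIR installer; the function names are hypothetical, and the package names are the ones given in the comments for Ubuntu.

```shell
#!/bin/sh
# Preflight check for the helper programs the comments report as missing.
# Command -> package mapping comes from the comments:
#   uudecode -> sharutils, Perl/Tk -> perl-tk, cryptcat -> cryptcat

# Print the package name for every "command:package" pair whose
# command cannot be found on PATH.
missing_packages() {
    for pair in "$@"; do
        cmd=${pair%%:*}
        pkg=${pair#*:}
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$pkg"
    done
}

# Perl/Tk is a Perl module rather than a command, so test it by loading it.
# Prints the installed version; fails if perl or the Tk module is absent.
perl_tk_version() {
    perl -MTk -e 'print $Tk::VERSION' 2>/dev/null
}

# Report everything that is missing as a single apt-get command line.
air_preflight() {
    missing=$(missing_packages uudecode:sharutils cryptcat:cryptcat | tr '\n' ' ')
    perl_tk_version >/dev/null || missing="${missing}perl-tk"
    if [ -n "$missing" ]; then
        echo "sudo apt-get install $missing"
        return 1
    fi
    echo "all helper programs found"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    air_preflight
fi
```

Run it with `--run` to get the install command for whatever is missing, then start the AIR installer.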

By: Anonymous

I was able to create a dd/dcfldd Image Using Automated Image & Restore (AIR). Now I would like to restore it into a Virtual Machine. Could somebody please help? TIA.

By: Anonymous

Sun Virtualbox (multi-platform freeware from virtualbox.org) has a command line utility that can convert raw disk images (e.g. dd images) to either VDI (Sun Virtualbox), VMDK (e.g. vmware) or VHD (Microsoft) virtual machine disk images.  See the Virtualbox user manual, and look up or search for the command "VBoxManage convertfromraw".

 Example command:

VBoxManage convertfromraw --format VMDK --variant fixed ImageFile.dd OutputFile.vmdk

 

This command would take a dd image file called ImageFile.dd and create a byte by byte file (i.e. non-compressed, and approximately the same size as the dd file) called OutputFile.vmdk.

Though the post I am replying to on this is quite old, I hope this is able to help someone who may come across this topic via search.

By: Anonymous

Check out LiveView - http://liveview.sourceforge.net/

LiveView makes converting dd images to VMs easy.

By: BobC

Air will install under Cygwin, but there are some things to be aware of.

First, Air will only run under Cygwin-X, since Tk requires X under Cygwin.  Be sure to start the XWin Server as Administrator!

Second, since the Air installer Tk version check is broken, you need to bypass it.  Do the following from a bash prompt:

First, ensure Tk is installed and is current:

cpan install Tk

Then check the current version:

 perl -e 'use Tk;print "$Tk::VERSION";'

 And export that value:

export PERLTK_VER="804.031"

 When you first try to run Air it will complain about several missing applications.  Check for them in the following order:

  1. Cygwin installer
  2. Search for the program name ("whatever.exe") with "cygwin".
  3. Search for the program name ("whatever.exe") alone.
  4. Get the source and build it under Cygwin.
  5. Get the source and build it under Windows.

The only application I couldn't find a Cygwin or Windows executable for was cryptcat, which I fortunately don't need.

Finally, Air will sometimes start with errors like this:

0 [main] perl 9336 child_info_fork::abort: address space needed by 'Menubutton.dll' (0x7F0000) is already occupied

 When this happens, hit ^C and try again.  It may take several times, but it will eventually start normally.

 Enjoy!