Alternative for DD command with a progress report about how much has been written-dcfldd

1 ) DD Command:-

The dd command stands for “data duplicator” and used for copying and converting data. It is very powerful low level utility of Linux which can do much more like.

• Backup and restore the entire hard disk or partition.
• Backup of MBR (Master Boot Record)
• It can copy and convert magnetic tape format, convert between ASCII and EBCDIC formats,swap bytes and can also convert lower case to upper case.
• It can also be used by Linux kernel make files to make boot images.

Only superuser can run this command because you can face a big data loss due to its improper usage, so you should be very careful while working with this utility. At that moment data loss can convert the dd utility as a “data destroyer” for you

Please note that the use of the dd tool can overwrite any partition of your machine. If you specify the wrong device in the instructions below, you could delete your primary Linux partition. Please be careful.

Syntax of dd command

dd if=<source file name> of=<target file name> [Options]

We normally do not explain about syntax but this command syntax require some explanation. The syntax is totally different when compared to many Linux commands we know. In this syntax dd is followed by two things

if=<source> –This is a source from where you want to copy data and ‘if’ stands for input-file.

of=<destination> –This is a source from where you want to write/paste data and ‘of’ stands for output-file.

[options] –These options include, how fast data should be written, what format etc.

Example :-

dd if=/dev/zero of=/dev/null


/dev/zero – It’s not really a blank file, nor used to create blank files: it’s used to create files or memory pages filled with only zeroes.(/dev/zero return as many null characters (0x00) as requested in the read operation.)

/dev/null – is typically used for disposing of unwanted output streams of a process, or as a convenient empty file for input streams.

Screenshot from 2016-07-20 00-02-57

The dd command does not give any information of its progress.To see the progress of the copy operation you can runpkill -USR1 -n -x dd in another terminal, prefixed with sudo if you are not logged in as root. The progress will be displayed in the original window and not the window with the pkill command; it may not display immediately, due to buffering.

Screenshot from 2016-07-20 00-07-32.png

This will not show you continues progress status so to get continues progress status use watch command followed by pkill -USR1 dd in second terminal.

command - watch -n1 'pkill -USR1 dd'

where n1 – it will monitor every one second.

Screenshot from 2016-07-20 00-20-16


Screenshot from 2016-07-20 00-20-37.png



dcfldd is an enhanced version of dd developed by the U.S. Department of Defense Computer Forensics Lab. It has some useful features for forensic investigators such as:

  • On-the-fly hashing of the transmitted data.
  • Progress bar of how much data has already been sent.
  • Wiping of disks with known patterns.
  • Verification that the image is identical to the original drive, bit-for-bit.
  • Simultaneous output to more than one file/disk is possible.
  • The output can be split into multiple files.
  • Logs and data can be piped into external applications.

The program only produces raw image files.

Install the package:-

sudo apt-get install dcfldd

Screenshot from 2016-07-20 00-29-45.png

Example of dcfldd:-

dcfldd if=/dev/zero of=/dev/null

Screenshot from 2016-07-20 00-33-25


ddrescue – data recovery tool.Copies data from one file or block device to another, trying to rescue the good parts first in case of read errors.

To run ddrescue, use the following format for commands:

root# ddrescue -r3 -n /dev/[baddrive] /dev/[gooddrive] recovery.log

Here’s an explanation of each of these components:

  • -n   Short for’–no-scrape’. Prevents ddrescue from running through the scraping phase, essentially preventing the utility from spending too much time attempting to recreate heavily damaged areas of a file.
  • -r3   Tells ddrescue to keep retrying damaged areas until 3 passes have been completed. If you set ‘r=-1’, the utility will make infinite attempts. However, this can be destructive, and ddrescue will rarely restore anything new after three complete passes.
  • /dev/[baddrive]   Identifies the drive that will be copied. Fill this in with the name of your bad drive.
  • /dev/[gooddrive]   Identifies the drive where the data will be cloned. Fill this in with the name of the good drive. You can also create an image file by replacing this with something like imagefile.img.
  • recovery.log   This creates a logfile, which is essential if you’re performing multiple passes. You can name the logfile anything, but without a logfile, you can’t make additional passes on areas of your disk with bad sectors.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s