|
Compressing with bzip2
Another of the other widely used compression utilities in Linux is bzip2, which works similarly to gzip but has better compression ratios, meaning that the resulting file will be even smaller. You can compress your HackersArise.tar file by entering the following:
kali >bzip2 HackersArise.*
When you do a long listing, you can see that bzip2 has compressed the file down to just 2,081 bytes! Also note that the file extension is now .tar.bz2.
To uncompress the compressed file, use bunzip2, like so:
kali >bunzip2 HackersArise.* kali >
When you do, the file returns to its original size, and its file extension returns to .tar.
Finally, you can use the command compress to compress the file. This is probably the least commonly used compression utility, but it’s easy to remember. To use it, simply enter the command compress followed by the filename, like so:
kali >compress HackersArise.*
kali >ls -l
--snip--
-rw-r--r-- 1 root root 5476 Nov 27 2018 13:32 HackersArise.tar.Z
Note that the compress utility reduced the size of the file to 5,476 bytes, more than twice the size of bzip2. Also note that the file extension now is .tar.Z (with an uppercase Z).
To decompress the same file, use uncompress:
kali >uncompress HackersArise.*
You can also use the gunzip command with files that have been compressed with compress.
Creating Bit-by-Bit or Physical Copies of Storage Devices
Within the world of information security and hacking, one Linux archiving command stands above the rest in its usefulness. The dd command makes a bit-by-bit copy of a file, a filesystem, or even an entire hard drive. This means that even deleted files are copied (yes, it’s important to know that your deleted files may be recoverable), making for easy discovery and recovery. Deleted files will not be copied with most logical copying utilities, such as cp.
Once a hacker has owned a target system, the dd command will allow them to copy the entire hard drive or a storage device to their system. In addition, those people whose job it is to catch hackers—namely, forensic investigators—will likely use this command to make a physical copy of the hard drive with deleted files and other artifacts that might be useful for finding evidence against the hacker.
It’s critical to note that the dd command should not be used for typical day-to-day copying of files and storage devices because it is very slow; other commands do the job faster and more efficiently. It is, though, excellent when you need a copy of a storage device without the filesystem or other logical structures, such as in a forensic investigation.
The basic syntax for the dd command is as follows:
dd if=inputfile of=outputfile
So, if you wanted to make a physical copy of your flash drive, assuming the flash drive is sdb (we’ll discuss this designation more in Chapter 10), you would enter the following:
kali >dd if=/dev/sdb of=/root/flashcopy
1257441=0 records in
1257440+0 records out
7643809280 bytes (7.6 GB) copied, 1220.729 s, 5.2 MB/s
Let’s break down this command: dd is your physical “copy” command; if designates your input file, with /dev/sdb representing your flash drive in the /dev directory; of designates your output file; and /root/flashcopy is the name of the file you want to copy the physical copy to. (For a more complete explanation of the Linux system designation of drives within the /dev directory, see Chapter 10.)
Numerous options are available to use with the dd command, and you can do a bit of research on these, but among the most useful are the noerror option and the bs (block size) option. As the name implies, the noerror option continues to copy even if errors are encountered. The bs option allows you to determine the block size (the number of bytes read/written per block) of the data being copied. By default, it is set to 512 bytes, but it can be changed to speed up the process. Typically, this would be set to the sector size of the device, most often 4KB (4,096 bytes). With these options, your command would look like this:
kali >dd if=/dev/media of=/root/flashcopy bs=4096 conv:noerror
As mentioned, it’s worth doing a little more research on your own, but this is a good introduction to the command and its common usages.
Do'stlaringiz bilan baham: |
