To transfer a disk image via an ssh tunnel (think evidence collection across the internet):
dd if=</path/to/disk> | ssh user@host “dd of=<filename>”
For example:
dd if=/dev/sda | ssh user@example.com “dd of=image.dd”
In practice, you’ll probably want to use some additional dd options such as bs (block size), count, etc. If doing this for evidentiary purposes, dcfldd, dc3dd, ewfacquire, and others, provide more forensic-friendly options.
To compress data before sending it across the network, add bzip2 (or gzip) with another pipe:
dd if=</path/to/disk> | bzip2 | ssh user@host “dd of=<filename”.
Leave a Reply