[ale] I have a single shell command complex syntax winner
Greg Freemyer
greg.freemyer at gmail.com
Wed Jan 26 11:25:08 EST 2011
All,
I thought I spoke command line pretty well, but on another list I just saw:
dcfldd bs=32k conv=noerror,sync sizeprobe=if if=/dev/sda \
  of:='ewfacquirestream -c fast -d sha1 -D MAC20 -M physical -S 2000000 -l "/media/HD-PVU2/MAC20/MAC20.log.txt.hashes" -t "/media/HD-PVU2/MAC20/MAC20" 2> /dev/null > /dev/null' \
  errlog:='tee -a "/media/HD-PVU2/MAC20/MAC20.log.txt" > /dev/null' \
  hashlog:='tee -a "/media/HD-PVU2/MAC20/MAC20.log.txt.hashes" > /dev/null'
That is one hard to parse statement, at least for me. I think it
launches 4 program instances without any of the normal connectors.
dcfldd is a custom version of dd.
We have a couple things I've never seen before:
:= I can guess, but is that generic, or a dcfldd specific syntax?
I'll have to look it up.
And I count 3 redirects of stdout in there. All are in single quotes,
so I guess they only impact the command they are quoted with. Never
knew that.
Greg
--
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
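The following is an added example, not part of the original post and not dcfldd code. dcfldd's man page documents of:=COMMAND, errlog:=COMMAND and hashlog:=COMMAND as "exec and write ... to process COMMAND", so := is a dcfldd operand form rather than shell syntax; the sketch shows why each single-quoted string arrives as one operand and why the redirects inside it are parsed only by the child shell. fake_dd, count_args, demo and DEMO_DIR are hypothetical names, and the sample data is constructed.

```shell
#!/bin/sh
# fake_dd is a hypothetical stand-in, NOT dcfldd. It mimics only these operands:
#   if=FILE   read the data from FILE
#   of=FILE   write the data to FILE
#   of:=CMD   start CMD through "sh -c" and feed the data to its stdin

# Prints how many operands the invoking shell actually hands to a program.
count_args() { echo "$#"; }

fake_dd() {
    src='' out_file='' out_cmd=''
    for arg in "$@"; do
        case $arg in
            if=*)  src=${arg#if=} ;;
            of:=*) out_cmd=${arg#of:=} ;;
            of=*)  out_file=${arg#of=} ;;
            *)     echo "fake_dd: unknown operand: $arg" >&2; return 2 ;;
        esac
    done
    [ -n "$src" ] || { echo "fake_dd: if= is required" >&2; return 2; }
    if [ -n "$out_cmd" ]; then
        # Redirects and variables inside $out_cmd are interpreted here,
        # by the child shell, not by the shell that launched fake_dd.
        sh -c "$out_cmd" < "$src"
    elif [ -n "$out_file" ]; then
        cat < "$src" > "$out_file"
    else
        cat < "$src"
    fi
}

demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    export DEMO_DIR                      # visible to the child shell
    printf 'constructed sample data\n' > "$DEMO_DIR/src.img"
    # Each quoted string, spaces and ">" included, is a single operand.
    echo "operands: $(count_args if=x of:='a -l "p q" > /dev/null' errlog:='tee -a log > /dev/null')"
    # Capture the caller's stdout: the child's own ">" diverts the data first.
    seen=$(fake_dd if="$DEMO_DIR/src.img" of:='tr a-z A-Z > "$DEMO_DIR/dst.img"')
    echo "caller stdout: '${seen}'"
    echo "child wrote:   $(cat "$DEMO_DIR/dst.img")"
    rm -rf "$DEMO_DIR"
}

demo
```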