mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-15 15:34:56 +03:00
mukul975
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
100 lines
2.5 KiB
Markdown
100 lines
2.5 KiB
Markdown
# API Reference: dd and dcfldd Disk Imaging
|
|
|
|
## dd - Standard Unix Disk Duplication
|
|
|
|
### Basic Syntax
|
|
```bash
|
|
dd if=<source> of=<destination> [options]
|
|
```
|
|
|
|
### Key Options
|
|
| Flag | Description | Example |
|
|
|------|-------------|---------|
|
|
| `if=` | Input file (source device) | `if=/dev/sdb` |
|
|
| `of=` | Output file (destination image) | `of=evidence.dd` |
|
|
| `bs=` | Block size for read/write | `bs=4096` (forensic standard) |
|
|
| `count=` | Number of blocks to copy | `count=1024` |
|
|
| `skip=` | Skip N blocks from input start | `skip=2048` |
|
|
| `conv=` | Conversion options | `conv=noerror,sync` |
|
|
| `status=` | Transfer statistics level | `status=progress` |
|
|
|
|
### conv= Values
|
|
- `noerror` - Continue on read errors (do not abort)
|
|
- `sync` - Pad input blocks with zeros on error (preserves offset alignment)
|
|
- `notrunc` - Do not truncate output file
|
|
|
|
### Output Format
|
|
```
|
|
500107862016 bytes (500 GB, 466 GiB) copied, 8132.45 s, 61.5 MB/s
|
|
976773168+0 records in
|
|
976773168+0 records out
|
|
```
|
|
|
|
## dcfldd - DoD Forensic dd
|
|
|
|
### Basic Syntax
|
|
```bash
|
|
dcfldd if=<source> of=<destination> [options]
|
|
```
|
|
|
|
### Extended Options
|
|
| Flag | Description | Example |
|
|
|------|-------------|---------|
|
|
| `hash=` | Hash algorithm(s) | `hash=sha256,md5` |
|
|
| `hashlog=` | File for hash output | `hashlog=hashes.txt` |
|
|
| `hashwindow=` | Hash every N bytes | `hashwindow=1G` |
|
|
| `hashconv=` | Hash before or after conversion | `hashconv=after` |
|
|
| `errlog=` | Error log file | `errlog=errors.log` |
|
|
| `split=` | Split output into chunks | `split=2G` |
|
|
| `splitformat=` | Suffix format for split files | `splitformat=aa` |
|
|
| `vf=` | Verification file | `vf=evidence.dd` |
|
|
| `verifylog=` | Verification result log | `verifylog=verify.log` |
|
|
|
|
### Output Format
|
|
```
|
|
Total (sha256): a3f2b8c9d4e5f6a7b8c9d0e1f2a3b4c5...
|
|
1024+0 records in
|
|
1024+0 records out
|
|
```
|
|
|
|
## sha256sum - Hash Verification
|
|
|
|
### Syntax
|
|
```bash
|
|
sha256sum <file_or_device>
|
|
sha256sum -c <checksum_file>
|
|
```
|
|
|
|
### Output Format
|
|
```
|
|
a3f2b8c9d4e5f6... /dev/sdb
|
|
a3f2b8c9d4e5f6... evidence.dd
|
|
```
|
|
|
|
## blockdev - Write Protection
|
|
|
|
### Syntax
|
|
```bash
|
|
blockdev --setro <device> # Set read-only
|
|
blockdev --setrw <device> # Set read-write
|
|
blockdev --getro <device> # Check: 1=RO, 0=RW
|
|
blockdev --getsize64 <device> # Size in bytes
|
|
```
|
|
|
|
## lsblk - Block Device Enumeration
|
|
|
|
### Syntax
|
|
```bash
|
|
lsblk -o NAME,SIZE,TYPE,MOUNTPOINT,MODEL,SERIAL,RO
|
|
lsblk -J # JSON output
|
|
lsblk -p # Full device paths
|
|
```
|
|
|
|
## hdparm - Drive Identification
|
|
|
|
### Syntax
|
|
```bash
|
|
hdparm -I <device> # Detailed drive info
|
|
hdparm -i <device> # Summary identification
|
|
```
|