[ale] I have a single shell command complex syntax winner

Greg Freemyer greg.freemyer at gmail.com
Wed Jan 26 11:25:08 EST 2011


All,

I thought I spoke command line pretty well, but on another list I just saw:

dcfldd bs=32k conv=noerror,sync sizeprobe=if if=/dev/sda \
  of:='ewfacquirestream -c fast -d sha1 -D MAC20 -M physical -S 2000000 -l "/media/HD-PVU2/MAC20/MAC20.log.txt.hashes" -t "/media/HD-PVU2/MAC20/MAC20" 2> /dev/null > /dev/null' \
  errlog:='tee -a "/media/HD-PVU2/MAC20/MAC20.log.txt" > /dev/null' \
  hashlog:='tee -a "/media/HD-PVU2/MAC20/MAC20.log.txt.hashes" > /dev/null'

That is one hard-to-parse statement, at least for me.  I think it
launches 4 program instances without any of the normal connectors.

dcfldd is a custom version of dd.

We have a couple things I've never seen before:

:=    I can guess, but is that generic, or a dcfldd-specific syntax?
I'll have to look it up.

And I count 3 redirects of stdout in there.  All are in single quotes,
so I guess they only impact the command they are quoted with.  Never
knew that.

Greg


-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
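
An added illustration, not part of the original post and not dcfldd's own code: the dcfldd man page documents of:=COMMAND, errlog:=COMMAND and hashlog:=COMMAND as "exec and write ... to process COMMAND", so the single-quoted redirects are parsed by the child shell that runs each command rather than by the calling shell. The function mini_dd, the use of cksum in place of a real hash, and the file names are assumptions made for this sketch.

```shell
#!/bin/sh
# mini_dd is a hypothetical stand-in (not dcfldd): it copies stdin and accepts
#   of=FILE           write the data to FILE
#   of:=COMMAND       run COMMAND via "sh -c" and pipe the data into it
#   hashlog:=COMMAND  run COMMAND via "sh -c" and pipe the checksum line into it
mini_dd() {
    of_file="" of_cmd="" hash_cmd=""
    for arg in "$@"; do
        case "$arg" in
            of:=*)      of_cmd=${arg#of:=} ;;
            of=*)       of_file=${arg#of=} ;;
            hashlog:=*) hash_cmd=${arg#hashlog:=} ;;
            *) echo "mini_dd: unknown operand: $arg" >&2; return 2 ;;
        esac
    done
    buf=$(mktemp) || return 1
    cat > "$buf"                      # buffer stdin so it can be written and summed
    if [ -n "$of_cmd" ]; then
        # The calling shell passed the quoted string through untouched;
        # its > and 2> are only parsed now, by this child shell.
        sh -c "$of_cmd" < "$buf"
    elif [ -n "$of_file" ]; then
        cat "$buf" > "$of_file"
    else
        cat "$buf"
    fi
    sum=$(cksum < "$buf")             # cksum stands in for a real hash
    if [ -n "$hash_cmd" ]; then
        printf '%s\n' "$sum" | sh -c "$hash_cmd"
    else
        printf '%s\n' "$sum" >&2
    fi
    rm -f "$buf"
}

# Constructed demo: runs in a scratch directory with made-up file names.
demo() (
    cd "$(mktemp -d)" || exit 1
    leaked=$(printf 'evidence\n' | mini_dd \
        of:='tr a-z A-Z > image.out 2> /dev/null' \
        hashlog:='tee -a hashes.txt > /dev/null' 2>&1)
    # Nothing reaches the caller's stdout/stderr; each child redirected its own.
    printf 'caller saw: [%s]\nimage.out:  %s\n' "$leaked" "$(cat image.out)"
)
demo
```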
