Make a Backup Image of your Hard Drive with DD

Last updated: Apr 4, 2008

Dd is a tool that is often used in computer forensics because it is extremly low level and effecient at creating exact duplicates of hard drives. For this reason it is often the tool for which all other tools are compared to. But is it useful for us regular Joes?. Can we use dd to create digital copies of our hard drives for backup reasons? Yes we can, and I actually find that it is easier to use than commercially available solutions.

Dd is not always the best solution for regular imaging of hard drives. The reason for this is because dd literally makes exact copies of the hard drive it self not the actual data. So what this means is that dd is making copies of data that remains on the hard drive long after you delete it. This is one of the reasons that makes it a good tool for forensics but not so great for home users because that extra data that doesn’t need to be copied adds for a larger image file in the end.

The dd image file can be compressed to save space. Often times people will “zero out” the unused portions of the drive before imaging. This will make compression for that part of the drive incredibily small. What would normally be a few gigabytes of extra useless space could be reduced to a few kilobytes after you zero it out.

“Zeroing out” the unused portion of the drive adds unneeded writing to the drive which could shorten the lifespan of the drive some what. This is why DD is not necessarily the best solution for home imaging. Instead you should consider using Norton Ghost or Acronis True Image. If you are prefer to use free open source solutions, partimage would be a good alternative. But it doesn’t support restoring entire drives. Only partitions of drives.

Now that you are aware that dd is not typically used for regular imaging I will describe how you can use it for creating an exact duplicate of your hard drive.

Basic syntax:

infile > outfile

# dd if=/*source* of=/*destination*

It is absolutely imperative that you understand the basic structure of the command. Dd is so notorious for destroying data due to mis-typed commands that many people call it data destroy or disk destroy instead of its true name, data definition. Most of these catosrophic data destroying events are caused by reversing the input with the output. I am warning you now. Check the command twice before entering!

It is a good idea for the drive that is to be copied to be in read only mode. This can be done by booting into a live linux CD like knoppix.

Now for examples

Cloneing one hard drive directly to another hard drive:

dd if=/dev/sda of=/dev/sdb bs=4096 conv=notrunc,noerror

Ideally the second hard drive should be the exact same size. If it is a larger drive the copy will now be formatted the same as the original, and there won’t be any space left on the drive.

The Notrunc flag means ‘do not truncate the output file’. The Noerror flag means to keep going if there is an error. Normally dd stops at any error.

This will copy the entire drive to a compressed image file.

# dd if=/dev/sda ibs=4096 | gzip > partition.image.gz conv=noerror

If you want to restore the drive in the future you would use this:

# dd if=partition.image.gz | gunzip | dd of=/dev/sdba

Need to print shipping labels on your site?

Checkout my product RocketShipIt for simple easy-to-use developer tools for UPS™ FedEx™ USPS™ and more.

Get notified on new posts or other things I'm working on