Acquiring Disk Image With Dd And Dcfldd
Create forensically sound block-level disk images with dd or dcfldd during incident response or evidence preservation on Linux systems.
Overview
Acquiring Disk Image with dd and dcfldd is an agent skill for the Ship phase that guides forensically oriented block-level disk imaging on Linux using dd and dcfldd.
Install
npx skills add https://github.com/mukul975/anthropic-cybersecurity-skills --skill acquiring-disk-image-with-dd-and-dcflddWhat is this skill?
- Block-level acquisition workflows using classic dd and enhanced dcfldd tooling
- Forensic focus: integrity, chain-of-custody considerations, and repeatable command documentation
- Suited to incident response and digital forensics on Linux endpoints and servers
- Apache-licensed skill package from a cybersecurity skills collection
- Terminal-native procedure skill—not a cloud snapshot API wrapper
Adoption & trust: 1 installs on skills.sh; 14.9k GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
You suspect compromise or need legal-grade preservation of a disk and cannot rely on ad-hoc copy commands that break integrity or chain of custody.
Who is it for?
Solo operators handling their own infra or IR retainers who must image Linux block devices with standard forensic CLI tools.
Skip if: Routine cloud volume backups, non-Linux environments without block-device access, or builders who only need file-level sync without forensic requirements.
When should I use this skill?
You need forensically oriented Linux disk acquisition using dd or dcfldd during security incidents or evidence preservation.
What do I get? / Deliverables
You get a documented imaging procedure with dd/dcfldd commands suitable for repeatable evidence capture before deeper forensic analysis or remediation.
- Documented dd/dcfldd command sequence with source and destination mapping
- Raw disk image file ready for hashing and offline analysis
- Operator notes supporting chain-of-custody handoff
Recommended Skills
Journey fit
Disk acquisition is a Ship-phase security discipline—executed when you must preserve evidence or analyze compromised hosts before or after release, not during casual feature work. Imaging with verified hashing and documented command lines sits under security operations and audit readiness rather than generic DevOps deploy.
How it compares
Forensic block-imaging ritual on the host—not a managed backup SaaS or container image build pipeline.
Common Questions / FAQ
Who is acquiring-disk-image-with-dd-and-dcfldd for?
Developers and indie operators doing security or incident-response work who need bit-level Linux disk images using dd or dcfldd.
When should I use acquiring-disk-image-with-dd-and-dcfldd?
During Ship security prep or active incidents when you must preserve storage before wipe, rebuild, or handoff to analysis—typically on dedicated Linux hosts or bare-metal VPS.
Is acquiring-disk-image-with-dd-and-dcfldd safe to install?
Check the Security Audits panel on this Prism page; the skill implies shell and filesystem access with destructive potential if destination devices are mis-specified—always dry-run device paths and use external write-blockers when required.
SKILL.md
READMESKILL.md - Acquiring Disk Image With Dd And Dcfldd
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to the Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by the Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of