On Unix, device drivers for hardware (such as hard disks) and special device files (such as /dev/zero and /dev/random) appear in the file system just like normal files;
dd can also read from (and in some cases write to) these files. As a result,
dd can be used for tasks such as backing up the boot sector of a hard drive, and obtaining fixed amount of random data. The
dd program can also perform conversions on the data as it is copied, including byte order swapping and conversion to and from the ASCII and EBCDIC text encodings.
dd may be an allusion to the DD statement found in IBM's Job Control Language (JCL), where the initialism stands for "Data Description." The command's syntax resembles the JCL statement more than it does other Unix commands, so the syntax may have been a joke. Another explanation for the command's name is that "cc" (for "convert and copy", as in the command's decription) was already taken by the C compiler.
The command line syntax of
dd differs from many other Unix programs, in that it uses the syntax
option=value for its command line options, rather than the more-standard
-option value and
--option=value formats. By default,
dd reads from STDIN and writes to STDOUT, but these can be changed by using the
if (input file) and
of (output file) options.
Usage varies across different operating systems. Also, certain features of
dd will depend on the computer system capabilities, such as
dd's ability to implement an option for direct memory access. Sending a SIGINFO signal (or a USR1 signal on Linux) to a running
dd process makes it print I/O statistics to standard error and then continue copying (note that signals may terminate the process on OS X).
dd can read standard input from the keyboard. When end-of-file (EOF) is reached,
dd will exit. Signals and EOF are determined by the software. For example, Unix tools ported to Windows vary as to the EOF: Cygwin uses <ctrl-d> (the usual Unix EOF) and MKS Toolkit uses <ctrl-z> (the usual Windows EOF).
In compliance with the Unix philosophy,
dd does one thing well. Unlike a sophisticated and highly abstracted utility,
dd has no algorithm other than in the low-level decisions of the user concerning how to vary the run options. Often the options are changed for each run of
dd in a multi-step process to solve a computer problem.
Output messages 
The GNU variant of
dd as supplied with Linux does not describe the format of the messages displayed on standard output on completion, however these are described by other implementations e.g. that with BSD.
Each of the "Records in" and "Records out" lines shows the number of complete blocks transferred + the number of partial blocks, e.g. because the physical medium ended before a complete block was read, or a physical error prevented reading the complete block.
Block size 
A block is a unit measuring the number of bytes that are read, written, or converted at one time. Command line options can specify a different block size for input/reading (
ibs) compared to output/writing (
obs), though the block size (
bs) option will override both
obs. The default value for both input and output block sizes is 512 bytes (the block size of Unix block devices). The
count option for copying is measured in blocks, as are both the
skip count for reading and
seek count for writing. Conversion operations are also affected by the "conversion block size" (
For some uses of the
dd command, block size may have an effect on performance. For example, when recovering data from a hard disk, a small block size will generally cause the most bytes to be recovered. For greater speed during copy operations, a larger block size may be used. When
dd is used for network transfers, the block size may have an impact on packet size, depending on the network protocol used.
The value provided for block size options is interpreted as a decimal (base 10) integer, and can also include suffixes to indicate multiplication. The suffix
w means multiplication by 2,
b means 512,
k means 1024,
M means 1024 × 1024,
G means 1024 × 1024 × 1024, and so on. Additionally, some implementations understand the
x character as a multiplication operator for both block size and count parameters.
For example, a block size such as
bs=2x80x18b is interpreted as 2 × 80 × 18 × 512 = 1474560 bytes, the exact size of a 1440 KiB floppy disk.
dd command can be used for a variety of purposes.
Data transfer 
dd can duplicate data across files, devices, partitions and volumes. The data may be input or output to and from any of these; but there are important differences concerning the output when going to a partition. Also, during the transfer, the data can be modified using the
conv options to suit the medium.
An attempt to copy the entire disk using
cp may omit the final block if it is of an unexpected length; whereas
dd may succeed. The source and destination disks should have the same size.
||create an ISO disk image from a CD-ROM.|
||Clone one partition to another|
||Clone a hard disk "ad0" to "ad1".|
noerror option means to keep going if there is an error. The
sync option means to pad the output blocks.
Master boot record backup and restore 
It is possible to repair a master boot record. It can be transferred to and from a repair file.
To duplicate the first two sectors of a floppy drive:
dd if=/dev/fd0 of=MBRboot.img bs=512 count=2
dd if=/dev/sda of=MBR.img bs=512 count=1
dd if=/dev/sda of=MBR_boot.img bs=446 count=1
Data modification 
dd can modify data in place.
Overwrite the first 512 bytes of a file with null bytes:
dd if=/dev/zero of=path/to/file bs=512 count=1 conv=notrunc
notrunc conversion option means do not truncate the output file — that is, if the output file already exists, just replace the specified bytes and leave the rest of the output file alone. Without this option,
dd would create an output file 512 bytes long.
To duplicate a disk partition as a disk image file on a different partition:
dd if=/dev/sdb2 of=partition.image bs=4096 conv=noerror
Disk wipe 
For security reasons, it is necessary to have a disk wipe of the discarded device.
To check to see if a drive has data on it, send the output to standard out.
To wipe a disk by writing zeros:
dd if=/dev/zero of=/dev/sda bs=4k conv=notrunc
bs=4k option makes dd read and write 4 kilobytes at a time. This makes the whole process a lot faster on any relatively modern system. Note that filling the drive with random data will always take a lot longer than zeroing the drive, because the random data must be rendered by the CPU first. On most relatively modern drives, zeroing the drive will render any data it contains permanently irrecoverable.
Zeroing the drive will render any data it contains irrecoverable by software. Note that it still may be recoverable by special laboratory techniques; read about data remanence.
The shred program may be used as a higher level tool for the same task.
Data recovery 
The history of open-source software (OSS) for data recovery and restoration of files, drives, and partitions started with GNU
dd in 1984, with one block size per
dd process, and no recovery algorithm other than the user's interactive session running one form of
dd after another. Then a C program was authored October 1999 called
dd_rescue. It has two block sizes in its algorithm. But the author of the 2003 shell script
dd_rhelp that enhances
dd_rescue's data recovery algorithm, now recommends
GNU ddrescue, a C++ program that was initially released in 2004 and is now in most Linux distributions. GNU
ddrescue has the most sophisticated block-size-changing algorithm available in OSS. (The names ddrescue and dd_rescue are similar, yet they are different programs. Still, the Debian Linux distribution packages
dd_rescue as "ddrescue", and packages GNU ddrescue as "gddrescue").
ddrescue is stable and safe. Here is an untested rescue using 3 of ddrescue's 31 options:
ddrescue -n /dev/old_disk /dev/new_disk # quickly grab large error-free areas, then stop ddrescue -d -r1 /dev/old_disk /dev/new_disk # work with direct disk access on error areas
Another open source program called
savehd7 uses a sophisticated algorithm, but it also requires the installation of its own programming-language interpreter.
Benchmarking drive performance 
To make drive benchmark test and analyze the sequential read and write performance for 1024 byte blocks :
dd if=/dev/zero bs=1024 count=1000000 of=file_1GB dd if=file_1GB of=/dev/null bs=64k
Generating a file with random data 
To make a file of 100 random bytes:
dd if=/dev/random of=myrandom bs=100 count=1
Converting a file to upper case 
To convert a file to uppercase:
dd if=filename of=filename1 conv=ucase
Creating empty files of arbitrary size 
Create a 1 GiB sparse file or resize an existing file to 1 GiB without overwriting:
dd if=/dev/zero of=mytestfile.out bs=1 count=0 seek=1G
Seagate documentation warns, "Certain disc utilities, such as DD, which depend on low-level disc access may not support 48-bit LBAs until they are updated". Using ATA harddrives over 128 GiB requires 48-bit LBA. However, in Linux,
dd uses the kernel to read or write to raw device files. Support for 48-bit LBA has been present since version 2.4.23 of the kernel, released in 2003.
It is jokingly said that
dd stands for "destroy disk" or "delete data", since when used for low-level operations on hard disks, a small mistake such as reversing the input file and output file parameters could result in the loss of some or all data on a disk.
dcfldd is a fork of dd that is an enhanced version developed by the U.S. Department of Defense Computer Forensics Lab. Compared to dd, dcfldd allows for more than one output file, supports simultaneous multiple checksum calculations, provides a verification mode for file matching, and can display of the percentage progress of an operation.
See also 
- Bell Laboratories. "dd man page". Retrieved 2009-02-25.
- Sam Chessman. "How and when to use the dd command?". CodeCoffee. Retrieved 2008-02-19.
- Eric S. Raymond. "dd". Retrieved 2008-02-19.
- See this old discussion "The Unix "dd" command". alt.folklore.computers. Retrieved 2011-07-05.
- Wright, Craig; Kleiman, Dave; Sundhar R.S., Shyaam (2008). "Overwriting Hard Drive Data: The Great Wiping Controversy". Lecture Notes in Computer Science. Information Systems Security 5352: 243–257. doi:10.1007/978-3-540-89862-7_21. Retrieved 7 March 2012.
- LAB Valentin (19 September 2011). "dd_rhelp author's repository". "Important note : For some times, dd_rhelp was the only tool (AFAIK) that did this type of job, but since a few years, it is not true anymore : Antonio Diaz did write a ideal replacement for my tool : GNU 'ddrescue'."
- "Damaged Hard Disk". www.cgsecurity.org. Retrieved 2008-05-20.
- "Interview with GNU ddrescue's Antonio Diaz Diaz". Blue-GNU. Archived from the original on 2008-04-15. Retrieved 2008-12-06.
- Windows 137GB (128 GiB) Capacity Barrier - Seagate Technology (March 2003)
- This is verifiable with strace.
- "ChangeLog-2.4.23". www.kernel.org. Retrieved 2009-12-07.
- Linux-2.4.23 released Linux kernel mailing list, 2003.
- Jeremy Faircloth, Chris Hurley (2007). Penetration Tester's Open Source Toolkit. Syngress. pp. 470–472. ISBN 9780080556079.
- Jack Wiles, Anthony Reyes (2011). The Best Damn Cybercrime and Digital Forensics Book Period. Syngress. pp. 408–411. ISBN 9780080556086.
- The Single UNIX® Specification, Issue 7 from The Open Group : convert and copy a file – Commands & Utilities Reference,
- dd: manual page from the GNU Core Utilities.
- Darwin and Mac OS X General Commands Manual –
- dd for Windows.
- savehd7 - Save a potentially damaged harddisk partition
- GNU ddrescue.
- Manual for GNU ddrescue.
- Softpanorama dd page.
- DD at Linux Questions Wiki.
- How to use ddrescue to image a damaged harddisk partition and mount it in Windows.
- Forensics (DD) Dcfldd