master boot record mbr
play

Master Boot Record (MBR) A Forensic Perspective Villanova - PowerPoint PPT Presentation

Feb 16, 2024 •5 likes •65 views

Master Boot Record (MBR) A Forensic Perspective Villanova University Department of Computing Sciences D. Justin Price Spring 2014 Master Boot Record Occupies the first 512-byte sector Boot Code Assembly Language

  1. Master Boot Record (MBR) 
 A Forensic Perspective Villanova University – Department of Computing Sciences – D. Justin Price – Spring 2014

  2. Master Boot Record • Occupies the first 512-byte sector – Boot Code • Assembly Language – Disk Signature – Partition Table • Four Possible Entries (Primary / Extended) – Each entry had the following » Starting LBA address » Number of sectors in partition » Type of partition » Flags – Signature Value Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014

  3. MBR Partition Table Byte Range Description 000-439 Boot Code 440-443 Disk Signature 446-461 Partition Entry #1 462-477 Partition Entry #2 478-493 Partition Entry #3 494-509 Partition Entry #4 510-511 Signature Value (0xAA55) Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014

  4. 000-439 Boot Code Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014

  5. 440-443 Disk Signature • Byte 440-443= 0x8bde8afa – Who Cares? Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014

  6. 446-461 MBR Partition Entry Byte Range Description Example 00-00 Bootable Flag (0x80 = Active) 0x80 = Active & Bootable 01-03 Starting CHS Address 04-04 Partition Type 0x07 = NTFS 05-07 Ending CHS Address 08-11 Starting LBA Address 0x0800 = 2,048 (Sector) 12-15 Size in Sectors 0x077FF000 = 125,825,024 Sectors Partition Types = www.datarecovery.com/hexcodes.asp Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Master Boot Record (MBR) Created when the disk is

Master Boot Record (MBR) Created when the disk is

Operating Systems II Unit OS8: File System 8.5. Co-Loca+ng File Systems Prof. Dr. Andreas Polze, Andreas Grapentin, Bernhard Rabe Master Boot Record (MBR) Created when the disk is

922 views • 5 slides
GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR)

GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR)

GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR) GUID Partition Table (GPT) Computer Center, CS, NCTU Unified Extensible Firmware Interface Legacy BIOS limitations 16-bit processor mode

474 views • 14 slides
Virus Infection Techniques: Boot Record Viruses Bill Harrison CS4440/7440 Malware Analysis and

Virus Infection Techniques: Boot Record Viruses Bill Harrison CS4440/7440 Malware Analysis and

Virus Infection Techniques: Boot Record Viruses Bill Harrison CS4440/7440 Malware Analysis and Defense Reading } Start reading Chapter 4 of Szor 2 Virus Infection Techniques } We will survey common locations of virus infections: MBR (Master

727 views • 49 slides
Pre-boot RAM acquisition and compression Martijn Bogaard Student of Master in System and

Pre-boot RAM acquisition and compression Martijn Bogaard Student of Master in System and

Pre-boot RAM acquisition and compression Martijn Bogaard Student of Master in System and Network Engineering University of Amsterdam 02 July 2015 Why memory forensics? What was the user doing? What applications were running? Is

535 views • 42 slides
RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT. BOOT https://github.com/boot-clj/boot BOOT TEMPLATES boot -d seancorfield/boot-new new -t tenzing -n <name> [+a <option>]* $ cd

566 views • 22 slides
Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides
I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device 3. The bootkit 4. Defending / Detecting 2 / 44 Introduction Vincent Works at KPN REDteam Likes Linux and low-level stu Located in Amsterdam

792 views • 44 slides
Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are the transmitters of body movement to the ski. Proper support, comfort, and performance application make the difference between a good day on the snow

431 views • 29 slides
Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0 Why Secure Boot? How can we prevent running malware at boot? With Secure Boot! What if the machine is a VM in

303 views • 15 slides
Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is an innovative SPI tool created by DediProg to force the application controller to work (read, program, update..) on the backup memory inserted in the

1.06k views • 17 slides
Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides
Flicker Free Boot Seamless boot for UEFI systems Presented by Hans de Goede Red Hat Desktop

Flicker Free Boot Seamless boot for UEFI systems Presented by Hans de Goede Red Hat Desktop

Flicker Free Boot Seamless boot for UEFI systems Presented by Hans de Goede Red Hat Desktop Hardware Enablement Team This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License Topics What / why? Pre-kernel:

434 views • 16 slides
Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October 15, 2014 Marek Va sut < marex@denx.de > Secure and flexible boot with U-Boot bootloader Marek Vasut Software engineer at DENX S.E. since

382 views • 35 slides
Discover UEFI with U-Boot 2020-02-01, Heinrich Schuchardt CC-BY-SA-4.0 About Me

Discover UEFI with U-Boot 2020-02-01, Heinrich Schuchardt CC-BY-SA-4.0 About Me

Discover UEFI with U-Boot 2020-02-01, Heinrich Schuchardt CC-BY-SA-4.0 About Me Software-Consultant ERP, Supply Chain Contributor to U-Boot since 2017 Maintainer of the UEFI sub-system since 02/2019 I Want a Network Drive Many

598 views • 28 slides
LaGOV LaGOV Version 1.0 Updated: August 18, 2008 Agenda Logistics, Ground Rules &

LaGOV LaGOV Version 1.0 Updated: August 18, 2008 Agenda Logistics, Ground Rules &

Asset Master Record Asset Master Record Asset Master Record FI- FI -AA AA- -02 02 FI-AA-02 August 19- -20, 2008 20, 2008 August 19 August 19-20, 2008 LaGOV LaGOV Version 1.0 Updated: August 18, 2008 Agenda Logistics, Ground

1.96k views • 142 slides
Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE

Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE

Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE Server class PowerPC KVM port Nested SVM Founding member of SUSE ARM team Booting on ARM Booting on ARM Boot ROM Booting on ARM Boot

2.09k views • 160 slides
ForgetMeNot: Memory-Aware Forensic Facial Sketch Matching Authors: Ouyang, Hospedales, Song, Li

ForgetMeNot: Memory-Aware Forensic Facial Sketch Matching Authors: Ouyang, Hospedales, Song, Li

ForgetMeNot: Memory-Aware Forensic Facial Sketch Matching Authors: Ouyang, Hospedales, Song, Li Slides by Josh Kelle 1 Overview VIPSL dataset experiment goals experiment results conclusion 2 VIPSL Dataset artist A B C D

377 views • 22 slides
The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley /

The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley /

The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley / ICSI vallentin@icir.org Bro Workshop 2011 NCSA, Champaign-Urbana, IL Outline 1. The Bro Difference 2. Abstract Use Cases 3. From Post-Facto to

530 views • 23 slides
Topics in Security: Forensic Signal Analysis Markus Kuhn, Andrew Lewis Computer Laboratory

Topics in Security: Forensic Signal Analysis Markus Kuhn, Andrew Lewis Computer Laboratory

Fact or fiction? Topics in Security: Forensic Signal Analysis Markus Kuhn, Andrew Lewis Computer Laboratory http://www.cl.cam.ac.uk/teaching/0910/R08/ Michaelmas 2009 MPhil ACS Hans D. Baumann, DOCMA 3 Real Introductory examples:

491 views • 7 slides
Web Application Forensics HTTPD Logfile Security Analysis Jens Mller, Ruhr University Bochum

Web Application Forensics HTTPD Logfile Security Analysis Jens Mller, Ruhr University Bochum

Web Application Forensics HTTPD Logfile Security Analysis Jens Mller, Ruhr University Bochum jens.a.mueller@rub.de Scenario You got pwned The Log File Problem Log files are huge. We are lazy. How find important stuff? Still

873 views • 28 slides
Forensic Triage for Mobile Phones with DEC0DE Robert J. Walls Erik Learned-Miller Brian Neil

Forensic Triage for Mobile Phones with DEC0DE Robert J. Walls Erik Learned-Miller Brian Neil

Forensic Triage for Mobile Phones with DEC0DE Robert J. Walls Erik Learned-Miller Brian Neil Levine Department of Computer Science University of Massachusetts Amherst This work was supported in part by NSF award DUE-0830876.

968 views • 79 slides
Linguistics. Invitation to a Dialogue GSFL Roundtable 2017 Sune Auken University of Copenhagen

Linguistics. Invitation to a Dialogue GSFL Roundtable 2017 Sune Auken University of Copenhagen

Genre Research and Forensic Linguistics. Invitation to a Dialogue GSFL Roundtable 2017 Sune Auken University of Copenhagen (Not a forensic linguist by any count, not even a linguist (but quite fascinated)) In over my head (a humilitas trope)

354 views • 23 slides
Biometrics for Forensics: A few words with examples in Fingerprint, Face and Handwriting Prof.

Biometrics for Forensics: A few words with examples in Fingerprint, Face and Handwriting Prof.

15/01/2020 Biometrics for Forensics: A few words with examples in Fingerprint, Face and Handwriting Prof. Julian FIERREZ Universidad Autonoma de Madrid - SPAIN http://atvs.ii.uam.es/fierrez Julian Fierrez Winter School on Biometrics,

259 views • 9 slides
Learning Disability Community Forensic Services - A Workforce Skills Framework Lisa Proctor,

Learning Disability Community Forensic Services - A Workforce Skills Framework Lisa Proctor,

Learning Disability Community Forensic Services - A Workforce Skills Framework Lisa Proctor, Regional Workforce Specialist Midlands & East Health Education England Background NHSE - Building the Right Support 2015 A National Plan

296 views • 12 slides

More recommend