Presentation is loading. Please wait.

Presentation is loading. Please wait.

BSD Partitions COEN 152/252 Computer Forensics. BSD Partitions Some BSD systems use IA32 hardware  Designed to co-exists with MS partitions.  Use DOS.

Published byTina Trench Modified over 10 years ago

Similar presentations

Presentation on theme: "BSD Partitions COEN 152/252 Computer Forensics. BSD Partitions Some BSD systems use IA32 hardware  Designed to co-exists with MS partitions.  Use DOS."— Presentation transcript:

1 BSD Partitions COEN 152/252 Computer Forensics

2 BSD Partitions Some BSD systems use IA32 hardware  Designed to co-exists with MS partitions.  Use DOS partition table  BSD partitions reside within a volume created by a DOS partition

3 BSD Partitions Two DOS Partitions  One NTSF  One volume containing 4 BSD partitions

4 BSD Partitions FreeBSD gives users access to all DOS partitions on hard drive. Calls DOS Partition a slice. Calls FreeBSD partition a partition

5 BSD Partitions Central data structure:  DISK Label  276 Bytes Hardware specification of the disk Partition table with eight or sixteen BSD partitions

6 BSD Partitions BSD partition table  Starting sector of BSD partition (relative to disk, not volume)  Size of BSD partition  Partition type  Size of UFS file system fragments  Number of UFS file system fragments per block  Number of cylinders per UFS cylinder group.

7 BSD Partitions Partition types:  swap  UFS  FAT  unused

8 BSD Partitions Free BSD partition with device names added

9 BSD Partitions FreeBSD assigns a special device file to each partition and slice.  ‘a’ partition typically root  ‘b’ partition typically swap  ‘c’ partition usually the entire slice FreeBSD allows access to all BSD partitions and all slices.  Investigation needs to cover the whole physical disk

10 BSD Partitions OpenBSD, NetBSD:  user only has access to partitions with entries in the BSD disk label structure  Unlike FreeBSD, disk label can describe partitions outside of the BSD volume  Once OpenBSD / NetBSD loads: DOS partitions are ignored

11 BSD Partitions Volume layout:  Sector 0: boot-code executed when the boot code in the MBR finds the bootable BSD-type partition  Sector 1: Disk label structure  Sector 2: Continuation of boot-code

12 BSD Partitions BSD disk label data structure: Brian Carrier: File System Forensics Analysis

Download ppt "BSD Partitions COEN 152/252 Computer Forensics. BSD Partitions Some BSD systems use IA32 hardware  Designed to co-exists with MS partitions.  Use DOS."

Similar presentations

Storage Management Lecture 7.

Storage Management Lecture 7.
Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.

Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.
Chapter 12: File System Implementation

Chapter 12: File System Implementation
File Management.

File Management.
Volume Analysis. What is a volume?  Carrier defines a volume: “… a collection of addressable sectors that an Operating System (OS) or application can.

Volume Analysis. What is a volume?  Carrier defines a volume: “… a collection of addressable sectors that an Operating System (OS) or application can.
Volume Analysis – Intro Chapter 4, Carrier 1.Volume structure 2.Volume analysis 3.Volume recovery

Volume Analysis – Intro Chapter 4, Carrier 1.Volume structure 2.Volume analysis 3.Volume recovery
Disk Fundamentals. More than one platter (round cylinders)

Disk Fundamentals. More than one platter (round cylinders)
Computer System Basics 2 Hard Drive Storage & File Partitions Computer Forensics BACS 371.

Computer System Basics 2 Hard Drive Storage & File Partitions Computer Forensics BACS 371.
Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.

Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.
04/21/2004CSCI 315 Operating Systems Design1 Disk Management.

04/21/2004CSCI 315 Operating Systems Design1 Disk Management.
File Management.

File Management.
计算机系 信息处理实验室 Lecture 5 Startup and Shutdown

计算机系 信息处理实验室 Lecture 5 Startup and Shutdown
BACS 371 Computer Forensics

BACS 371 Computer Forensics
The Sleuth Kit Brian Carrier Set of tools to analyze device images.

The Sleuth Kit Brian Carrier Set of tools to analyze device images.
Digital Forensics Module 11 CS 996. 4/26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.

Digital Forensics Module 11 CS /26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.
Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.

Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.
Guide to Computer Forensics and Investigations Fourth Edition Chapter 8 Macintosh and Linux Boot Processes and File Systems.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 8 Macintosh and Linux Boot Processes and File Systems.
Files & Partitions BACS 371 Computer Forensics. Data Hierarchy Computer Hard Disk Drive Partition File Physical File Logical File Cluster Sector Word.

Files & Partitions BACS 371 Computer Forensics. Data Hierarchy Computer Hard Disk Drive Partition File Physical File Logical File Cluster Sector Word.
Implementing Hard Drives Chapter 10

Implementing Hard Drives Chapter 10
Computer Forensics DOS Partitioning. Partitioning Practices  We separate partition practices into those used by Personal Computers:  DOS  Apple Servers.

Computer Forensics DOS Partitioning. Partitioning Practices  We separate partition practices into those used by Personal Computers:  DOS  Apple Servers.

Similar presentations

Ads by Google