Sleuth Kit Praktische Übungen: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Anzeigen der Partition Tabelle= *mmls rocky1.dd <pre> GUID Partition Table (EFI) Offset Sector: 0 Units are in 512-byte sectors Slot Start…“) |
|||
| Zeile 15: | Zeile 15: | ||
006: 002 0003328000 0062912511 0059584512 | 006: 002 0003328000 0062912511 0059584512 | ||
007: ------- 0062912512 0062914559 0000002048 Unallocated | 007: ------- 0062912512 0062914559 0000002048 Unallocated | ||
| + | </pre> | ||
| + | =Anzeigen der EFI Partion= | ||
| + | *fsstat -o 2048 rocky1.dd | ||
| + | <pre> | ||
| + | FILE SYSTEM INFORMATION | ||
| + | -------------------------------------------- | ||
| + | File System Type: FAT32 | ||
| + | |||
| + | OEM Name: mkfs.fat | ||
| + | Volume ID: 0x73f9acca | ||
| + | Volume Label (Boot Sector): NO NAME | ||
| + | Volume Label (Root Directory): | ||
| + | File System Type Label: FAT32 | ||
| + | Next Free Sector (FS Info): 16776 | ||
| + | Free Sector Count (FS Info): 1212032 | ||
| + | |||
| + | Sectors before file system: 2048 | ||
| + | |||
| + | File System Layout (in sectors) | ||
| + | Total Range: 0 - 1228751 | ||
| + | * Reserved: 0 - 31 | ||
| + | ** Boot Sector: 0 | ||
| + | ** FS Info Sector: 1 | ||
| + | ** Backup Boot Sector: 6 | ||
| + | * FAT 0: 32 - 1231 | ||
| + | * FAT 1: 1232 - 2431 | ||
| + | * Data Area: 2432 - 1228751 | ||
| + | ** Cluster Area: 2432 - 1228751 | ||
| + | *** Root Directory: 2432 - 2439 | ||
| + | |||
| + | METADATA INFORMATION | ||
| + | -------------------------------------------- | ||
| + | Range: 2 - 19621126 | ||
| + | Root Directory: 2 | ||
| + | |||
| + | CONTENT INFORMATION | ||
| + | -------------------------------------------- | ||
| + | Sector Size: 512 | ||
| + | Cluster Size: 4096 | ||
| + | Total Cluster Range: 2 - 153291 | ||
| + | |||
| + | FAT CONTENTS (in sectors) | ||
| + | -------------------------------------------- | ||
| + | 2432-2439 (8) -> EOF | ||
| + | 2440-2447 (8) -> EOF | ||
| + | 2448-2455 (8) -> EOF | ||
| + | 2456-2463 (8) -> EOF | ||
| + | 2464-4319 (1856) -> EOF | ||
| + | 4320-4503 (184) -> EOF | ||
| + | 4504-4511 (8) -> EOF | ||
| + | 4512-6191 (1680) -> EOF | ||
| + | 6192-8047 (1856) -> EOF | ||
| + | 8048-9887 (1840) -> EOF | ||
| + | 9888-11743 (1856) -> EOF | ||
| + | 11744-16695 (4952) -> EOF | ||
| + | 16736-16751 (16) -> EOF | ||
| + | 16752-16759 (8) -> EOF | ||
</pre> | </pre> | ||
Version vom 5. August 2024, 17:16 Uhr
Anzeigen der Partition Tabelle
- mmls rocky1.dd
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors
Slot Start End Length Description
000: Meta 0000000000 0000000000 0000000001 Safety Table
001: ------- 0000000000 0000002047 0000002048 Unallocated
002: Meta 0000000001 0000000001 0000000001 GPT Header
003: Meta 0000000002 0000000033 0000000032 Partition Table
004: 000 0000002048 0001230847 0001228800 EFI System Partition
005: 001 0001230848 0003327999 0002097152
006: 002 0003328000 0062912511 0059584512
007: ------- 0062912512 0062914559 0000002048 Unallocated
Anzeigen der EFI Partion
- fsstat -o 2048 rocky1.dd
FILE SYSTEM INFORMATION -------------------------------------------- File System Type: FAT32 OEM Name: mkfs.fat Volume ID: 0x73f9acca Volume Label (Boot Sector): NO NAME Volume Label (Root Directory): File System Type Label: FAT32 Next Free Sector (FS Info): 16776 Free Sector Count (FS Info): 1212032 Sectors before file system: 2048 File System Layout (in sectors) Total Range: 0 - 1228751 * Reserved: 0 - 31 ** Boot Sector: 0 ** FS Info Sector: 1 ** Backup Boot Sector: 6 * FAT 0: 32 - 1231 * FAT 1: 1232 - 2431 * Data Area: 2432 - 1228751 ** Cluster Area: 2432 - 1228751 *** Root Directory: 2432 - 2439 METADATA INFORMATION -------------------------------------------- Range: 2 - 19621126 Root Directory: 2 CONTENT INFORMATION -------------------------------------------- Sector Size: 512 Cluster Size: 4096 Total Cluster Range: 2 - 153291 FAT CONTENTS (in sectors) -------------------------------------------- 2432-2439 (8) -> EOF 2440-2447 (8) -> EOF 2448-2455 (8) -> EOF 2456-2463 (8) -> EOF 2464-4319 (1856) -> EOF 4320-4503 (184) -> EOF 4504-4511 (8) -> EOF 4512-6191 (1680) -> EOF 6192-8047 (1856) -> EOF 8048-9887 (1840) -> EOF 9888-11743 (1856) -> EOF 11744-16695 (4952) -> EOF 16736-16751 (16) -> EOF 16752-16759 (8) -> EOF