Sleuth Kit Praktische Übungen: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 1: | Zeile 1: | ||
=Anzeigen der Partition Tabelle= | =Anzeigen der Partition Tabelle= | ||
| − | *mmls | + | *mmls debian1.dd |
<pre> | <pre> | ||
| − | + | DOS Partition Table | |
Offset Sector: 0 | Offset Sector: 0 | ||
Units are in 512-byte sectors | Units are in 512-byte sectors | ||
Slot Start End Length Description | Slot Start End Length Description | ||
| − | 000: Meta 0000000000 0000000000 0000000001 | + | 000: Meta 0000000000 0000000000 0000000001 Primary Table (#0) |
001: ------- 0000000000 0000002047 0000002048 Unallocated | 001: ------- 0000000000 0000002047 0000002048 Unallocated | ||
| − | 002: | + | 002: 000:000 0000002048 0005468159 0005466112 Linux Swap / Solaris x86 (0x82) |
| − | 003 | + | 003: 000:001 0005468160 0052426751 0046958592 Linux (0x83) |
| − | + | 004: ------- 0052426752 0052428799 0000002048 Unallocated | |
| − | + | ||
| − | |||
| − | |||
</pre> | </pre> | ||
| + | |||
=Anzeigen der EFI Partion= | =Anzeigen der EFI Partion= | ||
*fsstat -o 2048 rocky1.dd | *fsstat -o 2048 rocky1.dd | ||
Version vom 5. August 2024, 17:47 Uhr
Anzeigen der Partition Tabelle
- mmls debian1.dd
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors
Slot Start End Length Description
000: Meta 0000000000 0000000000 0000000001 Primary Table (#0)
001: ------- 0000000000 0000002047 0000002048 Unallocated
002: 000:000 0000002048 0005468159 0005466112 Linux Swap / Solaris x86 (0x82)
003: 000:001 0005468160 0052426751 0046958592 Linux (0x83)
004: ------- 0052426752 0052428799 0000002048 Unallocated
Anzeigen der EFI Partion
- fsstat -o 2048 rocky1.dd
FILE SYSTEM INFORMATION -------------------------------------------- File System Type: FAT32 OEM Name: mkfs.fat Volume ID: 0x73f9acca Volume Label (Boot Sector): NO NAME Volume Label (Root Directory): File System Type Label: FAT32 Next Free Sector (FS Info): 16776 Free Sector Count (FS Info): 1212032 Sectors before file system: 2048 File System Layout (in sectors) Total Range: 0 - 1228751 * Reserved: 0 - 31 ** Boot Sector: 0 ** FS Info Sector: 1 ** Backup Boot Sector: 6 * FAT 0: 32 - 1231 * FAT 1: 1232 - 2431 * Data Area: 2432 - 1228751 ** Cluster Area: 2432 - 1228751 *** Root Directory: 2432 - 2439 METADATA INFORMATION -------------------------------------------- Range: 2 - 19621126 Root Directory: 2 CONTENT INFORMATION -------------------------------------------- Sector Size: 512 Cluster Size: 4096 Total Cluster Range: 2 - 153291 FAT CONTENTS (in sectors) -------------------------------------------- 2432-2439 (8) -> EOF 2440-2447 (8) -> EOF 2448-2455 (8) -> EOF 2456-2463 (8) -> EOF 2464-4319 (1856) -> EOF 4320-4503 (184) -> EOF 4504-4511 (8) -> EOF 4512-6191 (1680) -> EOF 6192-8047 (1856) -> EOF 8048-9887 (1840) -> EOF 9888-11743 (1856) -> EOF 11744-16695 (4952) -> EOF 16736-16751 (16) -> EOF 16752-16759 (8) -> EOF