Sleuth Kit Praktische Übungen
Version vom 5. August 2024, 17:16 Uhr von Thomas.will (Diskussion | Beiträge) (→Anzeigen der Partition Tabelle)
Anzeigen der Partition Tabelle
- mmls rocky1.dd
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors
Slot Start End Length Description
000: Meta 0000000000 0000000000 0000000001 Safety Table
001: ------- 0000000000 0000002047 0000002048 Unallocated
002: Meta 0000000001 0000000001 0000000001 GPT Header
003: Meta 0000000002 0000000033 0000000032 Partition Table
004: 000 0000002048 0001230847 0001228800 EFI System Partition
005: 001 0001230848 0003327999 0002097152
006: 002 0003328000 0062912511 0059584512
007: ------- 0062912512 0062914559 0000002048 Unallocated
Anzeigen der EFI Partion
- fsstat -o 2048 rocky1.dd
FILE SYSTEM INFORMATION -------------------------------------------- File System Type: FAT32 OEM Name: mkfs.fat Volume ID: 0x73f9acca Volume Label (Boot Sector): NO NAME Volume Label (Root Directory): File System Type Label: FAT32 Next Free Sector (FS Info): 16776 Free Sector Count (FS Info): 1212032 Sectors before file system: 2048 File System Layout (in sectors) Total Range: 0 - 1228751 * Reserved: 0 - 31 ** Boot Sector: 0 ** FS Info Sector: 1 ** Backup Boot Sector: 6 * FAT 0: 32 - 1231 * FAT 1: 1232 - 2431 * Data Area: 2432 - 1228751 ** Cluster Area: 2432 - 1228751 *** Root Directory: 2432 - 2439 METADATA INFORMATION -------------------------------------------- Range: 2 - 19621126 Root Directory: 2 CONTENT INFORMATION -------------------------------------------- Sector Size: 512 Cluster Size: 4096 Total Cluster Range: 2 - 153291 FAT CONTENTS (in sectors) -------------------------------------------- 2432-2439 (8) -> EOF 2440-2447 (8) -> EOF 2448-2455 (8) -> EOF 2456-2463 (8) -> EOF 2464-4319 (1856) -> EOF 4320-4503 (184) -> EOF 4504-4511 (8) -> EOF 4512-6191 (1680) -> EOF 6192-8047 (1856) -> EOF 8048-9887 (1840) -> EOF 9888-11743 (1856) -> EOF 11744-16695 (4952) -> EOF 16736-16751 (16) -> EOF 16752-16759 (8) -> EOF