Sleuth Kit Practical Exercises

From Xinux Wiki

Displaying the partition table

  • mmls debian1.dd
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0005468159   0005466112   Linux Swap / Solaris x86 (0x82)
003:  000:001   0005468160   0052426751   0046958592   Linux (0x83)
004:  -------   0052426752   0052428799   0000002048   Unallocated

Displaying the EFI partition

  • fsstat -o 2048 rocky1.dd
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: FAT32

OEM Name: mkfs.fat
Volume ID: 0x73f9acca
Volume Label (Boot Sector): NO NAME    
Volume Label (Root Directory):
File System Type Label: FAT32   
Next Free Sector (FS Info): 16776
Free Sector Count (FS Info): 1212032

Sectors before file system: 2048

File System Layout (in sectors)
Total Range: 0 - 1228751
* Reserved: 0 - 31
** Boot Sector: 0
** FS Info Sector: 1
** Backup Boot Sector: 6
* FAT 0: 32 - 1231
* FAT 1: 1232 - 2431
* Data Area: 2432 - 1228751
** Cluster Area: 2432 - 1228751
*** Root Directory: 2432 - 2439

METADATA INFORMATION
--------------------------------------------
Range: 2 - 19621126
Root Directory: 2

CONTENT INFORMATION
--------------------------------------------
Sector Size: 512
Cluster Size: 4096
Total Cluster Range: 2 - 153291

FAT CONTENTS (in sectors)
--------------------------------------------
2432-2439 (8) -> EOF
2440-2447 (8) -> EOF
2448-2455 (8) -> EOF
2456-2463 (8) -> EOF
2464-4319 (1856) -> EOF
4320-4503 (184) -> EOF
4504-4511 (8) -> EOF
4512-6191 (1680) -> EOF
6192-8047 (1856) -> EOF
8048-9887 (1840) -> EOF
9888-11743 (1856) -> EOF
11744-16695 (4952) -> EOF
16736-16751 (16) -> EOF
16752-16759 (8) -> EOF
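
The value passed to fsstat -o is a start sector as listed in the Start column of mmls. The following script is an added example, not part of the original wiki page: it parses the mmls output for debian1.dd shown above and derives the sector and byte offsets of each allocated partition. The function names sample_mmls, list_partitions and fsstat_commands are hypothetical helpers introduced for this example.

```shell
#!/bin/sh
# Added example: derive per-partition offsets from mmls output.

# Sample input: the mmls output for debian1.dd as shown on this page.
sample_mmls() {
cat <<'EOF'
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0005468159   0005466112   Linux Swap / Solaris x86 (0x82)
003:  000:001   0005468160   0052426751   0046958592   Linux (0x83)
004:  -------   0052426752   0052428799   0000002048   Unallocated
EOF
}

# list_partitions (hypothetical helper): reads mmls output on stdin and prints,
# per allocated partition: start_sector TAB byte_offset TAB size_bytes TAB description
list_partitions() {
  awk '
    # Sector size comes from the header line, e.g. "512-byte" -> 512.
    /^Units are in/ { split($4, u, "-"); ssize = u[1] + 0 }
    # Allocated entries carry a table:slot id such as 000:001; the Meta and
    # ------- (unallocated) rows do not match and are skipped.
    $1 ~ /^[0-9]+:$/ && $2 ~ /^[0-9]+:[0-9]+$/ {
      start = $3 + 0; len = $5 + 0
      desc = $6; for (i = 7; i <= NF; i++) desc = desc " " $i
      # %.0f keeps values above 2^31 exact in every awk implementation.
      printf "%.0f\t%.0f\t%.0f\t%s\n", start, start * ssize, len * ssize, desc
    }'
}

# fsstat_commands (hypothetical helper): for image $1, print the fsstat call
# for each allocated partition; -o takes the start sector, not a byte offset.
fsstat_commands() {
  tab=$(printf '\t')
  list_partitions | while IFS="$tab" read -r start offset size desc; do
    printf 'fsstat -o %s %s   # %s\n' "$start" "$1" "$desc"
  done
}

sample_mmls | list_partitions
sample_mmls | fsstat_commands debian1.dd
```

With a real image, pipe the live output instead: mmls debian1.dd | list_partitions. fsstat only succeeds on partitions that hold a file system The Sleuth Kit supports.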