Master Boot Record (MBR) A Forensic Perspective Villanova - PowerPoint PPT Presentation

Feb 16, 2024 •5 likes •65 views

Master Boot Record (MBR) A Forensic Perspective Villanova University Department of Computing Sciences D. Justin Price Spring 2014 Master Boot Record Occupies the first 512-byte sector Boot Code Assembly Language

Master Boot Record (MBR)   A Forensic Perspective Villanova University – Department of Computing Sciences – D. Justin Price – Spring 2014
Master Boot Record • Occupies the first 512-byte sector – Boot Code • Assembly Language – Disk Signature – Partition Table • Four Possible Entries (Primary / Extended) – Each entry had the following » Starting LBA address » Number of sectors in partition » Type of partition » Flags – Signature Value Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014
MBR Partition Table Byte Range Description 000-439 Boot Code 440-443 Disk Signature 446-461 Partition Entry #1 462-477 Partition Entry #2 478-493 Partition Entry #3 494-509 Partition Entry #4 510-511 Signature Value (0xAA55) Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014
000-439 Boot Code Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014
440-443 Disk Signature • Byte 440-443= 0x8bde8afa – Who Cares? Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014
446-461 MBR Partition Entry Byte Range Description Example 00-00 Bootable Flag (0x80 = Active) 0x80 = Active & Bootable 01-03 Starting CHS Address 04-04 Partition Type 0x07 = NTFS 05-07 Ending CHS Address 08-11 Starting LBA Address 0x0800 = 2,048 (Sector) 12-15 Size in Sectors 0x077FF000 = 125,825,024 Sectors Partition Types = www.datarecovery.com/hexcodes.asp Villanova University – Department of Computing Sciences – D. Justin Price – Digital Forensics - Spring 2014

Recommend

Master Boot Record (MBR) Created when the disk is

Operating Systems II Unit OS8: File System 8.5. Co-Loca+ng File Systems Prof. Dr. Andreas Polze, Andreas Grapentin, Bernhard Rabe Master Boot Record (MBR) Created when the disk is

922 views • 5 slides

GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR)

GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR) GUID Partition Table (GPT) Computer Center, CS, NCTU Unified Extensible Firmware Interface Legacy BIOS limitations 16-bit processor mode

474 views • 14 slides

Virus Infection Techniques: Boot Record Viruses Bill Harrison CS4440/7440 Malware Analysis and

Virus Infection Techniques: Boot Record Viruses Bill Harrison CS4440/7440 Malware Analysis and Defense Reading } Start reading Chapter 4 of Szor 2 Virus Infection Techniques } We will survey common locations of virus infections: MBR (Master

727 views • 49 slides

Pre-boot RAM acquisition and compression Martijn Bogaard Student of Master in System and

Pre-boot RAM acquisition and compression Martijn Bogaard Student of Master in System and Network Engineering University of Amsterdam 02 July 2015 Why memory forensics? What was the user doing? What applications were running? Is

535 views • 42 slides

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT. BOOT https://github.com/boot-clj/boot BOOT TEMPLATES boot -d seancorfield/boot-new new -t tenzing -n <name> [+a <option>]* $ cd

566 views • 22 slides

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device 3. The bootkit 4. Defending / Detecting 2 / 44 Introduction Vincent Works at KPN REDteam Likes Linux and low-level stu Located in Amsterdam

792 views • 44 slides

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are the transmitters of body movement to the ski. Proper support, comfort, and performance application make the difference between a good day on the snow

431 views • 29 slides

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0 Why Secure Boot? How can we prevent running malware at boot? With Secure Boot! What if the machine is a VM in

303 views • 15 slides

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is an innovative SPI tool created by DediProg to force the application controller to work (read, program, update..) on the backup memory inserted in the

1.06k views • 17 slides

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides

Flicker Free Boot Seamless boot for UEFI systems Presented by Hans de Goede Red Hat Desktop

Flicker Free Boot Seamless boot for UEFI systems Presented by Hans de Goede Red Hat Desktop Hardware Enablement Team This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License Topics What / why? Pre-kernel:

434 views • 16 slides

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October 15, 2014 Marek Va sut < marex@denx.de > Secure and flexible boot with U-Boot bootloader Marek Vasut Software engineer at DENX S.E. since

382 views • 35 slides

Discover UEFI with U-Boot 2020-02-01, Heinrich Schuchardt CC-BY-SA-4.0 About Me

Discover UEFI with U-Boot 2020-02-01, Heinrich Schuchardt CC-BY-SA-4.0 About Me Software-Consultant ERP, Supply Chain Contributor to U-Boot since 2017 Maintainer of the UEFI sub-system since 02/2019 I Want a Network Drive Many

598 views • 28 slides

LaGOV LaGOV Version 1.0 Updated: August 18, 2008 Agenda Logistics, Ground Rules &

Asset Master Record Asset Master Record Asset Master Record FI- FI -AA AA- -02 02 FI-AA-02 August 19- -20, 2008 20, 2008 August 19 August 19-20, 2008 LaGOV LaGOV Version 1.0 Updated: August 18, 2008 Agenda Logistics, Ground

1.96k views • 142 slides

Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE

Marrying U-Boot, UEFI and grub About Me Alexander Graf KVM and QEMU developer for SUSE Server class PowerPC KVM port Nested SVM Founding member of SUSE ARM team Booting on ARM Booting on ARM Boot ROM Booting on ARM Boot

2.09k views • 160 slides

HOWTO: Boot an OS By Camille Lecuyer LSE Week - July 17 2013 2 PRESENTATION EPITA 2014 -

1 HOWTO: Boot an OS By Camille Lecuyer LSE Week - July 17 2013 2 PRESENTATION EPITA 2014 - GISTRE Not LSE team 3 SUMMARY BIOS UEFI Boot a Linux kernel Boot a Multiboot compliant kernel 4 BIOS 5 OVERVIEW Basic

788 views • 48 slides

Master Thesis Preparations: Modelling and Identification of the HalfWing Jonas Schlagenhauf

Master Thesis Preparations: Modelling and Identification of the HalfWing Jonas Schlagenhauf September 5, 2016 1 / 1 Objective of the master thesis NMPC of a constrained model airplane Develop system and tools Record data

517 views • 14 slides

Spring Cloud, Spring Boot and Netflix OSS http://localhost:4000/decks/cloud-boot-netflix.html

Spring Cloud, Spring Boot and Netflix OSS http://localhost:4000/decks/cloud-boot-netflix.html Spencer Gibb twitter: @spencerbgibb email: sgibb@pivotal.io Dave Syer twitter: @david_syer email: dsyer@pivotal.io ( Spring Boot and Netflix OSS or

471 views • 44 slides

Roadmap for Section 11.2 Windows Boot Process Shutdown Causes for Crashes Recovery Console and

Unit OS11: Performance Evaluation 11.2. Boot/Startup Troubleshooting Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 11.2 Windows Boot Process Shutdown Causes for Crashes

706 views • 28 slides

Record Type Families: Record type A Key to Generic Record Combinators families Record scheme

Record Type Families Wolfgang Jeltsch Introduction A simple selfmade record system Record Type Families: Record type A Key to Generic Record Combinators families Record scheme induction Wolfgang Jeltsch TT U K uberneetika

1.13k views • 23 slides

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski contact@paulk.fr Monday July 4 th 2016 Introducing Verified Boot and Related Issues Introducing Verified Boot and Related Issues Bootup Process BIOS History

947 views • 39 slides

Class of 2019 Parent Boot Camp Mrs. Harmon- College and Career Specialist Parent Boot Camp

Class of 2019 Parent Boot Camp Mrs. Harmon- College and Career Specialist Parent Boot Camp Agenda 1. Introduction- Mrs. Harmon 2. Warm-up activity 3. Application pointers- Coalition, Common and Institutional applications 4. Application

477 views • 25 slides

Boot Camp 2015 3/5/15 Abstracting & Coding Boot Camp: Cancer Case Scenarios 2014-2015

Boot Camp 2015 3/5/15 Abstracting & Coding Boot Camp: Cancer Case Scenarios 2014-2015 NAACCR Webinar Series March 5, 2015 Q&A Please submit all questions concerning webinar content through the Q&A panel. Reminder: If you

556 views • 12 slides