Understand the Partition Table within Master Boot Record (MBR) | Digital Forensics | File System

The Master Boot Record (MBR) is the first sector of the hard disk. The BIOS boot code looks to the first sector of the default drive, which contains the MBR. The MBR contains three components:
1. Executable code called the master boot code.
2. The partition table for the disk.
3. The disk signature.
The boot loader looks for the active partition in the table and loads the first sector in that partition.
That sector is known as the Partition Boot Record. The Partition Boot Record will then start the process of loading the operating system.
The last two sectors of the MBR contain a two-byte structure called a signature word or end-of-sector marker, which is always set to 0x55AA.
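
The layout described above, decoded in Python as an added example (not code from the video or its author). It assumes 512-byte sectors and the conventional offsets (disk signature at byte 440, four 16-byte entries from byte 446, marker bytes 55 AA at byte 510); the sample sector is constructed, and its second entry reuses the values a viewer reports in the comments.

```python
import struct

SECTOR = 512   # assumption: 512-byte logical sectors
TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)",
         0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Decode the disk signature and the four primary partition entries."""
    if len(sector) < SECTOR:
        raise ValueError("need the full first sector (512 bytes)")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("end-of-sector marker 55 AA not found")
    partitions, warnings = [], []
    for i in range(4):
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped),
        # starting LBA, sector count; all little-endian
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0x00:            # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append(f"entry {i + 1}: unexpected status 0x{status:02X}")
        partitions.append({
            "entry": i + 1,
            "active": status == 0x80,
            "type": TYPES.get(ptype, f"0x{ptype:02X}"),
            "start_lba": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # offset of the partition's first sector in a raw image
            "byte_size": count * SECTOR,
        })
    if sum(p["active"] for p in partitions) > 1:
        warnings.append("more than one active partition")
    return {"disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions, "warnings": warnings}

def build_sample_mbr() -> bytes:
    """Constructed test sector, not taken from a real disk image."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, 440, 0xA1B2C3D4)   # constructed disk signature
    struct.pack_into("<B3xB3xII", mbr, 446, 0x80, 0x07, 2048, 204800)
    struct.pack_into("<B3xB3xII", mbr, 462, 0x00, 0x07, 0x32800, 0x27CD000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr())["partitions"]:
        print(p)
```

To use it on a raw image, pass the first 512 bytes read from the file to `parse_mbr`.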

Comments

Hey! Thank you for the video, I wanna see more stuff on file carving, GPT analysis and extended partition analysis. I am actually just getting started in forensics and found your video really helpful to understand the structure of DOS|MBR partitioned drives. Furthermore, I have downloaded the raw disk images you mentioned and have examined the second partition entry metadata.
1- first byte set to 0x00, indicating this is a non-bootable partition
2- partition type value set to 0x07, indicating an NTFS partition (FS type is NTFS)
3- starting LBA address -> 0x32800 = 206,848 -> starting in-file offset ->
4- size of the partition in sectors 0x27CD000 -> size of the partition in bytes 21367881728 =~21GB

BluEye-xu

Good explanation. I prefer the Active Disk Editor for MBR analysis, because of the templates and color segmentation.

BufferTheHutt

Hi All, I hope you enjoy my videos. Could I ask you to support my channel by sharing my videos to help it grow? Don't forget to like and subscribe. Also, if you'd like me to create a new video on any topic related to cyber security and digital forensics, just let me know.

CyDig