1 / 12

BSD Partitions

BSD Partitions. COEN 152/252 Computer Forensics. BSD Partitions. Some BSD systems use IA32 hardware Designed to co-exists with MS partitions. Use DOS partition table BSD partitions reside within a volume created by a DOS partition. BSD Partitions. Two DOS Partitions One NTSF

amelia-potter
Download Presentation

BSD Partitions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BSD Partitions COEN 152/252 Computer Forensics

  2. BSD Partitions • Some BSD systems use IA32 hardware • Designed to co-exists with MS partitions. • Use DOS partition table • BSD partitions reside within a volume created by a DOS partition

  3. BSD Partitions • Two DOS Partitions • One NTSF • One volume containing • 4 BSD partitions

  4. BSD Partitions • FreeBSD gives users access to all DOS partitions on hard drive. • Calls DOS Partition a slice. • Calls FreeBSD partition a partition

  5. BSD Partitions • Central data structure: • DISK Label • 276 Bytes • Hardware specification of the disk • Partition table with eight or sixteen BSD partitions

  6. BSD Partitions • BSD partition table • Starting sector of BSD partition (relative to disk, not volume) • Size of BSD partition • Partition type • Size of UFS file system fragments • Number of UFS file system fragments per block • Number of cylinders per UFS cylinder group.

  7. BSD Partitions • Partition types: • swap • UFS • FAT • unused

  8. BSD Partitions • Free BSD partition with device names added

  9. BSD Partitions • FreeBSD assigns a special device file to each partition and slice. • ‘a’ partition typically root • ‘b’ partition typically swap • ‘c’ partition usually the entire slice • FreeBSD allows access to all BSD partitions and all slices. • Investigation needs to cover the whole physical disk

  10. BSD Partitions • OpenBSD, NetBSD: • user only has access to partitions with entries in the BSD disk label structure • Unlike FreeBSD, disk label can describe partitions outside of the BSD volume • Once OpenBSD / NetBSD loads: • DOS partitions are ignored

  11. BSD Partitions • Volume layout: • Sector 0: boot-code • executed when the boot code in the MBR finds the bootable BSD-type partition • Sector 1: Disk label structure • Sector 2: Continuation of boot-code

  12. BSD Partitions • BSD disk label data structure: Brian Carrier: File System Forensics Analysis

More Related