BSD Partitions COEN 152/252 Computer Forensics
BSD Partitions • Some BSD systems use IA32 hardware • Designed to coexist with MS partitions. • Use DOS partition table • BSD partitions reside within a volume created by a DOS partition
BSD Partitions • Two DOS Partitions • One NTFS • One volume containing • 4 BSD partitions
BSD Partitions • FreeBSD gives users access to all DOS partitions on hard drive. • Calls DOS Partition a slice. • Calls FreeBSD partition a partition
BSD Partitions • Central data structure: • DISK Label • 276 Bytes • Hardware specification of the disk • Partition table with eight or sixteen BSD partitions
BSD Partitions • BSD partition table • Starting sector of BSD partition (relative to disk, not volume) • Size of BSD partition • Partition type • Size of UFS file system fragments • Number of UFS file system fragments per block • Number of cylinders per UFS cylinder group.
BSD Partitions • Partition types: • swap • UFS • FAT • unused
BSD Partitions • FreeBSD partition with device names added
BSD Partitions • FreeBSD assigns a special device file to each partition and slice. • ‘a’ partition typically root • ‘b’ partition typically swap • ‘c’ partition usually the entire slice • FreeBSD allows access to all BSD partitions and all slices. • Investigation needs to cover the whole physical disk
BSD Partitions • OpenBSD, NetBSD: • user only has access to partitions with entries in the BSD disk label structure • Unlike FreeBSD, disk label can describe partitions outside of the BSD volume • Once OpenBSD / NetBSD loads: • DOS partitions are ignored
BSD Partitions • Volume layout: • Sector 0: boot-code • executed when the boot code in the MBR finds the bootable BSD-type partition • Sector 1: Disk label structure • Sector 2: Continuation of boot-code
BSD Partitions • BSD disk label data structure: Brian Carrier: File System Forensic Analysis
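An added example, not part of the original slides: a Python parser for the disk label in sector 1 of a BSD volume that also flags entries lying outside the enclosing DOS partition, the OpenBSD/NetBSD case described above. The field offsets (magic at 0 and 132, partition count at 138, 16-byte entries from 148) and the type codes follow the standard BSD disklabel layout and are assumptions not stated on the slides; the sample volume and the names `parse_disklabel` and `build_sample_volume` are constructed for illustration.

```python
import struct

SECTOR = 512
MAGIC = 0x82564557  # stored twice in the label, at offsets 0 and 132
FSTYPES = {0: "unused", 1: "swap", 7: "UFS", 8: "FAT"}  # disklabel type codes

def parse_disklabel(volume, slice_start, slice_sectors):
    """Parse the disk label in sector 1 of a BSD volume (little-endian, IA32).

    slice_start/slice_sectors describe the enclosing DOS partition, taken
    from the MBR; label offsets are relative to the disk, not the volume.
    """
    label = volume[SECTOR:2 * SECTOR]
    if len(label) < 276:
        raise ValueError("volume too short to hold a disk label")
    if any(struct.unpack_from("<I", label, off)[0] != MAGIC for off in (0, 132)):
        raise ValueError("no BSD disk label magic in sector 1")
    count = struct.unpack_from("<H", label, 138)[0]
    if count > 16:
        raise ValueError("implausible partition count")
    parts = []
    for i in range(count):
        size, start, frag_size, fstype, frags, cpg = struct.unpack_from(
            "<IIIBBH", label, 148 + 16 * i)
        if size == 0:
            continue  # empty table slot
        parts.append({
            "name": "abcdefghijklmnop"[i],
            "start": start, "size": size,
            "type": FSTYPES.get(fstype, "type %d" % fstype),
            "frag_size": frag_size, "frags_per_block": frags, "cyl_per_group": cpg,
            # OpenBSD/NetBSD labels may point outside the BSD slice
            "outside_slice": start < slice_start
                             or start + size > slice_start + slice_sectors,
        })
    return parts

def build_sample_volume():
    """Constructed test data: slice at sector 63, 1024000 sectors long."""
    label = bytearray(SECTOR)
    struct.pack_into("<I", label, 0, MAGIC)
    struct.pack_into("<I", label, 132, MAGIC)
    struct.pack_into("<H", label, 138, 8)
    entries = [(409600, 63, 2048, 7, 8, 16), (204800, 409663, 0, 1, 0, 0),
               (1024000, 63, 0, 0, 0, 0), (204800, 2048000, 0, 8, 0, 0)]
    for i, e in enumerate(entries):
        struct.pack_into("<IIIBBH", label, 148 + 16 * i, *e)
    return bytes(SECTOR) + bytes(label) + bytes(SECTOR)
```

In the constructed sample, the 'c' entry spans the whole slice and the 'd' entry starts beyond it, so only 'd' is reported with `outside_slice` set.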