Download pdf - File GUID Partition System Table Forensics Partitioningthenry/csc487/video/14_GPT_Partitioning.pdfPartitioning GPT Partitioning GUID Partition Table-Used on Intel IA64 (EFI) Systems-Supports

Transcript
Page 1: File GUID Partition System Table Forensics Partitioningthenry/csc487/video/14_GPT_Partitioning.pdfPartitioning GPT Partitioning GUID Partition Table-Used on Intel IA64 (EFI) Systems-Supports

FileSystemForensics

THINK BIG WE DO

U R Ihttp://www.forensics.cs.uri.edu

Digital Forensics CenterDepartment of Computer Science and Statics

GUID Partition Table

Partitioning

GUID Partition Table

Partitioning

GPT PartitioningGUID Partition Table- Used on Intel IA64 (EFI) Systems- Supports up to 128 Partitions- 64-bit (8 byte) LBA addressing

GUID (Globally Unique Identifier)- Uses 128-bit unique identifiers for- Partition Type- Partition Identifier

Required for Boot Partitions- Microsoft Windows on an EFI System- Mac OS X

GPT PartitioningProtective MBR- Allows compatibility with older systems- Single MBR Partition of type 0xEEPrimary GPT Header- General Layout of the diskPartition Entries- Description of Each PartitionPartition AreaBackup Partition EntriesSecondary GPT Header- Backup Copies- Last Sectors of Disk

Protective MBR

Primary GPT Header

Partition Entries

Partition 1

Partition 2

. . .Other Partitions

. . .

Secondary Partition Entries

Secondary GPT Header

012

34

End of Disk (EOD)EOD-1

EOD-33

GPT PartitioningProtective MBR

Primary GPT Header

Partition Entries

Partition 1

Partition 2

. . .Other Partitions

. . .

Secondary Partition Entries

Secondary GPT Header

012

34

(EOD)EOD-1

EOD-33

Decimal Hex Primary GPT Header0 00 Signature “EFI PART”8 08 Version12 0C GPT Size in Bytes (92)16 10 CRC32 Checksum of GPT Header20 14 Reserved24 18 LBA of Current GPT Structure32 20 LBA of Other GPT Structure40 28 Start LBA of Partition Area48 30 End LBA of Partition Area56 38 Disk GUID72 48 Start LBA of Partition Entries80 50 Number of Entries in Partition Table 84 54 Size of Each Partition Table Entry88 58 CRC32 Checksum of Partition Table92 5C Reserved

Primary GPT Header

GPT PartitioningProtective MBR

Primary GPT Header

Partition Entries

Partition 1

Partition 2

. . .Other Partitions

. . .

Secondary Partition Entries

Secondary GPT Header

012

34

(EOD)EOD-1

EOD-33

Decimal Hex Partition Entry in Partition Table (128 bytes)0 00 Partition Type GUID (128-bits)16 10 Unique Partition GUID (128-bits)32 20 Starting LBA of Partition40 28 Ending LBA of Partition48 30 Partition Attributes56 38 Partition Name in Unicode

Partition Entries

Microsoft Windows limits the number of partition

table entries to 128.

32 sectors = 128 entries ÷ 4 entries per sector

THINK BIG WE DO

U R Ihttp://www.forensics.cs.uri.edu

Digital Forensics CenterDepartment of Computer Science and Statics

GUID Partition Table Partitioning

GUID Partition Table Partitioning

Timothy Henry
00:00
Timothy Henry
00:16
Timothy Henry
02:02
Timothy Henry
04:09
Timothy Henry
07:55
Timothy Henry
10:49
Timothy Henry

Recommended

A freemans guid
A freemans guid Documents
Seebichl Holiday Guid
Seebichl Holiday Guid Documents
GUID Partition Table (GPT) - Intel · GUID Partition Table (GPT) How to install an Operating System (OS) using the GUID Disk Partition Table (GPT) on an Intel® Hardware RAID (HWR)
GUID Partition Table (GPT) - Intel · GUID Partition Table (GPT) How to install an Operating System (OS) using the GUID Disk Partition Table (GPT) on an Intel® Hardware RAID (HWR) Documents
February Homes Guid
February Homes Guid Documents
Thomas Schneider Senior Technical Instructor IT-Jogging …€¦ ·  · 2015-11-12• All fresh installations of vSphere 5.5 use the GUID Partition Table ... With vSphere 5.1 and
Thomas Schneider Senior Technical Instructor IT-Jogging …€¦ ·  · 2015-11-12• All fresh installations of vSphere 5.5 use the GUID Partition Table ... With vSphere 5.1 and Documents
Relationship of Nt Guid to Condy Guid in Mandibular Movement
Relationship of Nt Guid to Condy Guid in Mandibular Movement Documents
MANUALE DELL‘UTENTE - fantec.de · GPT (GUID Partition Table) FANTEC QB-X2US3R 2-BAY 3.5" RAID 16 2. Inizializzare HDD 3. Cliccare su „cancella“ > scegliere un formato dati
MANUALE DELL‘UTENTE - fantec.de · GPT (GUID Partition Table) FANTEC QB-X2US3R 2-BAY 3.5" RAID 16 2. Inizializzare HDD 3. Cliccare su „cancella“ > scegliere un formato dati Documents
Newborn Welcome Guid
Newborn Welcome Guid Documents
Master File Table File NTFS $MFT System Master File Table …thenry/csc487/video/62_MFT_Layout.pdf · MFT Record Header. NTFS Partition. MFT . MFT File Record. Header Attribute Unused
Master File Table File NTFS $MFT System Master File Table …thenry/csc487/video/62_MFT_Layout.pdf · MFT Record Header. NTFS Partition. MFT . MFT File Record. Header Attribute Unused Documents
GUID Partition Table
GUID Partition Table Documents
Financial Aid Guid
Financial Aid Guid Documents
Reading_ECOFIN_STUDY GUID
Reading_ECOFIN_STUDY GUID Documents
Relay Setting Guid
Relay Setting Guid Documents
Create GUID
Create GUID Documents
GUID Partition Table · 2015. 10. 8. · GUID Partition Table (7/9) Partition entries (LBA 2) Offset Length Contents 0 16 bytes Partition type GUID 16 16 bytes Unique partition GUID
GUID Partition Table · 2015. 10. 8. · GUID Partition Table (7/9) Partition entries (LBA 2) Offset Length Contents 0 16 bytes Partition type GUID 16 16 bytes Unique partition GUID Documents
cproj config guid
cproj config guid Documents
Hesi Study Guid
Hesi Study Guid Documents
Plc Engineering Guid
Plc Engineering Guid Documents