Analyzing Master Boot Record for Forensic Investigations
Ghania Al Sadi. Article: Analyzing Master Boot Record for Forensic Investigations. International Journal of Applied Information Systems 10(8):22-26, April 2016. BibTeX
@article{key:article, author = "Ghania Al Sadi", title = "Article: Analyzing Master Boot Record for Forensic Investigations", journal = "International Journal of Applied Information Systems", year = 2016, volume = 10, number = 8, pages = "22-26", month = "April", note = "Published by Foundation of Computer Science (FCS), NY, USA" }
Abstract
As a main knowledge, extracting information for examination to be used as evidence or even to recover lost data need a full understand of logical and physical storage media structure used to store the required information in the computer. In digital forensic analysis, Master Boot Record is captured to extract the required information of the hard disk to support the investigation process. This research is studying the MBR structure by providing an experiment of the MBR analysis.
Reference
- R. G. Minnich, “Operating System,” 2004.
- Microsoft, “Windows support for hard disks that are larger than 2 TB,” 2013. [Online]. Available: http://support.microsoft.com/kb/2581408#appliesto.
- P. ARNTZ, “Meet the Master Boot Record,” 2014. [Online].Available:https://blog.malwarebytes.org/security-threat/2014/09/meet-the-master-boot-record/.
- M. TechNet, “Master Boot Record,” 2011. [Online]. Available:http://technet.microsoft.com/enus/library/cc976786.aspx.
- M. TechNet, “Disk Concepts and Troubleshooting,” 2011.[Online].Available:http://technet.microsoft.com/en-us/library/cc977219.aspx.
- J. Gu and W. Ji, “A secure bootstrap based on trusted computing,” Proc. - 2009 Int. Conf. New Trends Inf. Serv. Sci. NISS 2009, no. 3, pp. 502–504, 2009.
- R. McKemmish, “What is forensic computing?,” Trends Issues Crime Crim. Justice, vol. 118, no. 118, pp. 1–6, 1999.
Keywords
MBR, Bootstrap, Partition Table, Magic Number, Forensic Investigation