Difference between revisions of "Summerschool Aachen 2004/Forensics Lab"
| Line 6: | Line 6: | ||
=== Analysing the ufs.image.gz file system image === | === Analysing the ufs.image.gz file system image === | ||
| − | I looked at the image ufs.image (available from [http://discovery.informatik.rwth-aachen.de/pub/summerschool/Forensics/DiskImages/ufs.image.gz here]). | + | I looked at the image ufs.image (available from [http://discovery.informatik.rwth-aachen.de/pub/summerschool/Forensics/DiskImages/ufs.image.gz here]). First I tried to recognise what file system it is. For this I used the header file [http://fxr.watson.org/fxr/source/ufs/ffs/fs.h fs.h] that contains the structures and magic fields of the ufs and ufs2 file systems. |
| − | |||
| − | First I tried to recognise what file system it is. For this I used the header file [http://fxr.watson.org/fxr/source/ufs/ffs/fs.h fs.h] that contains the structures and magic fields of the ufs and ufs2 file systems. | ||
Revision as of 14:51, 5 October 2004
Notes on Presentations
Notes on Lab Session
Analysing the ufs.image.gz file system image
I looked at the image ufs.image (available from here). First I tried to recognise what file system it is. For this I used the header file fs.h that contains the structures and magic fields of the ufs and ufs2 file systems.
