Summerschool Aachen 2004/Forensics Lab
< Summerschool Aachen 2004
Revision as of 14:57, 5 October 2004 by 137.226.59.160 (talk) (→Analysing the ufs.image.gz file system image)
Notes on Presentations
Notes on Lab Session
Analysing the ufs.image.gz file system image
I looked at the image ufs.image (available from here). First I tried to recognise what file system it is. For this I used the header file fs.h that contains the structures and magic fields of the ufs and ufs2 file systems.
I first looked for the magic value of ufs2 ("0x19540119"). Just to check I looked for the ufs (1) magic value ("0x011954") which was not found.
George@GD216 ~/hdimage $ xxd.exe -a -g 4 ufs.image | grep "19015419" 0044550: 00000000 00000000 00000000 19015419 ..............T.
