Partions Session 17 Amzb

MEDIA AND STORAGE Session 17

Recapping 

We have cover both Microsoft and Unix files system

Today 

Introduction to ACW2  Covering   



each ACW

ACW2 session (Needed to complete ACW) expected deliveries Dates both parts in and out

Partitioning

Learning Outcomes 

  

Be able to show and demonstrate knowledge the difference between Physical drive Primary partition Logical partition

ACW2 information ACW2 information Media and storage

ACW2 part3 

Forensic examination of a forensic image  Examining  Reporting

a Forensically sound image

your findings  2000 words

Final handin  All

three parts  Critical commentary  Copy of all notes  Appendix

partitions partitions Media and storage

Physical drive 

In the current IBM PC architecture  there

is a partition table in the drive's Master Boot Record  The MBR lists information about the partitions on the hard drive.  This partition table is then further split into 4 partition table entries  Due to this it is only possible to have four partitions.

Primary partition 





These 4 partitions are typically known as primary partitions. To overcome this restriction, system developers decided to add a new type of partition called the extended partition. By replacing one of the four primary partitions with an extended partition, you can then make an additional 24 logical partitions within the extended one.

Primary/Logical partition     

Partition Table Primary Partition Primary Partition Primary Partition Primary Partition   

#1 #2 #3 #4

(Extended Partition) Logical Partition #1 Logical Partition #2

As you can see, this partition table is broken up into 4 primary partitions.  The fourth partition, though, has been flagged as an extended partition.  This allows us to make more logical partitions under that extended partition and therefore bypassing the 4 partition limit. 







Each hard drive also has one of its possible 4 partitions flagged as an active partition. The active partition is a special flag assigned to only one partition on a hard drive that the Master Boot Record (MBR) uses to boot your computer into an operating system. As only one partition may be set as the active partition, you may be wondering how people can have multiple operating systems installed on different partitions, and yet still be able to use them all.









This is accomplished by installing a boot loader in the active partition. When the computer starts, it will read the MBR and determine the partition that is flagged as active. This partition is the one that contains the boot loader. When the operating system boots off of this partition the boot loader will start and allow you to choose which operating systems you would like to boot from.

Recovery 

GPart, Partition recovery tool  Can

be use to Retrieve Partitions damaged or Altered  This will change the disc/image