File structure is what makes up a file. A file is a smaller form of a filesystem. A file can’t be called a “file” when it is not structured. The structure of a file is important for making that file readable, because when it is not properly structured I bet the system won’t be able to read it. I think there’s also a standardization of file structure, so a pdf file named A will have the same structure as B, C, D or any other pdf file. The file structure of each filetype is also different: an .avi file will have a different file structure from a .doc file.
In this post I’ll try to explain the structure of an mp3 file.
MBR ~ Master Boot Record
Computer forensics mostly deals with storage devices like flash disks, hard disks, CDs, DVDs, RAM, etc. There are two types of storage, volatile and non-volatile. Dealing with a volatile storage device like RAM is more difficult because when the computer is turned off, the data inside disappears and some evidence may be lost too. Dealing with non-volatile memory like a flash disk or hard disk isn’t easy either. A wrong method will make evidence found on the memory no longer valid.
On the hard disk, there is something called the MBR, or Master Boot Record. The MBR contains a series of code that lets the hard disk boot the system. IBM is the one who made it well known to the world. Usually, the MBR is located in the first sector of the hard disk. Some of the MBR’s tasks are:
1. Record the partition table on the system, which contains the details of the partition of a storage device on the system.
2. Bootstrapping an operating system.
3. Identify individual storage media.
The partition table in the MBR describes where the partitions are placed on the hard disk. This scheme is only available on Intel x86 systems and is integrated into the system’s BIOS. This partitioning scheme divides partitions into three types :
Slack Space
Again, in this post I’ll try to explain something related to computer digital forensics, namely slack space.
On a storage device, when a file is saved, it is stored at the beginning of a cluster. A cluster itself is like a directory in the storage. It consists of several sectors. Imagine a house filled with 50 cupboards that have 4 drawers each..
Get it?
Let’s say that this house is the hard disk, the cupboards are the clusters, and the drawers in each cupboard are the sectors. So, we can say that this hard disk has 50 clusters and 4 sectors in each cluster.
cmiiw..
What is Unallocated Space?
When you’re installing an operating system on a new hard disk, have you noticed that the installer says the disk status is Unallocated? Or when you divide a hard disk into two or more partitions, the newly created partition is also in the “Unallocated” status after the split. So what is this thing called unallocated?
Unallocated space, or in other words “free space”, is logical space on a hard drive that the system can use to put files on. Unallocated space is the opposite of “allocated” space, which means a place on the hard drive where files are already written or stored. Unallocated space is different from slack space. The difference is that in unallocated space the system can put files, whereas in slack space the system can’t put any files. Simple, right?
Here’s an example. If we put a file into a certain space on the hard drive, that part of the hard drive is now in allocated status because the file is using its space. When a space is in allocated status, no other files can be written to that space. If the file we stored is deleted, then that space on the hard drive is now in unallocated status. This means that we can put some files in it.
The Magic Number
Hoho, in this post I’ll explain a thing called the “magic number”. Can you guess already what it is? Some kind of number that has a magical spell in it? Some kind of magic trick that uses numbers as its medium? Or something else?
Unfortunately, the “magic number” in this post is not literally related to magic. This magic number is related to file formats. Originally, the term was used for a specific set of 2-byte identifiers at the beginning of a file, but since any undecoded binary sequence can be regarded as a number, any feature of a file format which uniquely distinguishes it can be used for identification. Identify what? To identify a file format, of course.