Posts tagged with: security

MBR ~ Master Boot Record

Computer forensics mostly deals with storage devices such as flash disks, hard disks, CDs, DVDs, RAM, etc. There are two types of storage: volatile and non-volatile. Dealing with a volatile storage device like RAM is more difficult because when the computer is turned off, the data inside disappears and some evidence may be lost too. Dealing with non-volatile memory like a flash disk or hard disk isn’t easy either. Using the wrong method can make evidence found on the device no longer valid.

On a hard disk, there is something called the MBR, or Master Boot Record. The MBR contains a series of code that lets the hard disk boot the system. IBM is the one who made it well known to the world. Usually, the MBR is located in the first sector of the hard disk. Some of the MBR's tasks are:
1. Record the partition table, which contains the details of the partitions of a storage device on the system.
2. Bootstrapping an operating system.
3. Identify individual storage media.

The partition table in the MBR describes where the partitions are placed on the hard disk. This scheme is only available on Intel x86 systems and is integrated into the system's BIOS. This partitioning scheme divides partitions into three types : Continue Reading
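The tasks listed above can be seen directly in the bytes of the first sector. The following is an added example, not code from the original post: it assumes the classic MBR layout (32-bit disk signature at offset 440, four 16-byte partition entries starting at offset 446, boot signature 0x55AA at offset 510) and 512-byte sectors. The function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440    # 32-bit disk signature (identifies the individual disk)
TABLE_OFFSET = 446       # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Decode the disk signature and the non-empty partition entries of an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for index in range(4):
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * index)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": index,
            "bootable": status == 0x80,
            "status_valid": status in (0x00, 0x80),  # anything else is anomalous
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "size_bytes": count * SECTOR_SIZE,
        })
    return {"disk_signature": disk_sig, "partitions": partitions}

def build_sample_mbr() -> bytes:
    """Constructed test sector: empty boot code, two partition entries."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)
    struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16, 0x00, 0x83, 206848, 409600)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print(f"disk signature: 0x{mbr['disk_signature']:08X}")
    for p in mbr["partitions"]:
        print(p)
```

When examining real evidence, run a parser like this against a copy of the first sector taken from a forensic image, never against the original device.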

Slack Space

Again, in this post I’ll try to explain something related to computer digital forensics: slack space.

In a storage device, when a file is saved, it is stored at the beginning of a cluster. A cluster itself is like a directory in the storage. It consists of some sectors. Imagine a house filled with 50 cupboards that have 4 drawers each..
Get it? 😀
Let's say that this house is the hard disk, the cupboards are the clusters, and the drawers in each cupboard are the sectors. So, we can say that this hard disk has 50 clusters and 4 sectors in each cluster.
cmiiw.. 😛

Continue Reading

What is Unallocated Space?

When you’re installing an operating system on a new hard disk, have you noticed that the installer says the disk status is Unallocated? Or when you want to divide a hard disk into two or more partitions, after the split the newly created partition is also in the “Unallocated” status. So what is this thing called unallocated?

Unallocated space, or in other words “free space”, is logical space on a hard drive that the system can use to put files on. Unallocated space is the opposite of “allocated” space, which means a place on the hard drive where files are already written or stored. Unallocated space is different from slack space. The difference is that the system can put files in unallocated space, whereas it can’t put any files in slack space. Simple, right?

Here’s an example. If we put a file into certain space on the hard drive, that part of the hard drive is now in allocated status because the file is using its space. When a space is in allocated status, no other files can be written to that space. If the file we stored is deleted then that space of the hard drive is now in the unallocated status. This means that we can put some files in it. Continue Reading

The Magic Number

Hoho, in this post I’ll explain a thing called the “magic number”. Can you already guess what it is? Some kind of number that has a magical spell in it? Some kind of magic trick that uses numbers as its medium? Or something else?

Unfortunately, the “magic number” in this post is not literally related to magic. This magic number is related to file formats. Originally, the term was used for a specific set of 2-byte identifiers at the beginning of a file, but since any undecoded binary sequence can be regarded as a number, any feature of a file format which uniquely distinguishes it can be used for identification. Identify what? To identify a file format, of course. Continue Reading

Backtrack’s Linux Header

Anyone got a problem running make or make install for a software package on Backtrack?

If that happened, maybe you have not yet installed the Linux headers or kernel headers.

Linux headers are the header files used by the Linux system to compile the kernel and other applications that depend on the symbols or structures defined in these header files, or in other words, Linux headers are like kernel modules.
An example is WLAN card drivers. If the driver does not have a binary matching the running kernel, the driver needs to be compiled with the header files.

To configure the Linux headers so that we can make and make install a package in Backtrack, just follow these simple steps.
Continue Reading