Research Article

Analyzing Master Boot Record for Forensic Investigations

by  Ghania Al Sadi
journal cover
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 10 - Issue 8
Published: April 2016
Authors: Ghania Al Sadi
10.5120/ijais2016451541
PDF

Ghania Al Sadi . Analyzing Master Boot Record for Forensic Investigations. International Journal of Applied Information Systems. 10, 8 (April 2016), 22-26. DOI=10.5120/ijais2016451541 

                        @article{ 10.5120/ijais2016451541,
                        author  = { Ghania Al Sadi },
                        title   = { Analyzing Master Boot Record for Forensic Investigations },
                        journal = { International Journal of Applied Information Systems },
                        year    = { 2016 },
                        volume  = { 10 },
                        number  = { 8 },
                        pages   = { 22-26 },
                        doi     = { 10.5120/ijais2016451541 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2016
                        %A Ghania Al Sadi
                        %T Analyzing Master Boot Record for Forensic Investigations%T 
                        %J International Journal of Applied Information Systems
                        %V 10
                        %N 8
                        %P 22-26
                        %R 10.5120/ijais2016451541
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

As a main knowledge, extracting information for examination to be used as evidence or even to recover lost data need a full understand of logical and physical storage media structure used to store the required information in the computer. In digital forensic analysis, Master Boot Record is captured to extract the required information of the hard disk to support the investigation process. This research is studying the MBR structure by providing an experiment of the MBR analysis.

References
  • R. G. Minnich, “Operating System,” 2004.
  • Microsoft, “Windows support for hard disks that are larger than 2 TB,” 2013. [Online]. Available: http://support.microsoft.com/kb/2581408#appliesto.
  • P. ARNTZ, “Meet the Master Boot Record,” 2014. [Online].Available:https://blog.malwarebytes.org/security-threat/2014/09/meet-the-master-boot-record/.
  • M. TechNet, “Master Boot Record,” 2011. [Online]. Available:http://technet.microsoft.com/enus/library/cc976786.aspx.
  • M. TechNet, “Disk Concepts and Troubleshooting,” 2011.[Online].Available:http://technet.microsoft.com/en-us/library/cc977219.aspx.
  • J. Gu and W. Ji, “A secure bootstrap based on trusted computing,” Proc. - 2009 Int. Conf. New Trends Inf. Serv. Sci. NISS 2009, no. 3, pp. 502–504, 2009.
  • R. McKemmish, “What is forensic computing?,” Trends Issues Crime Crim. Justice, vol. 118, no. 118, pp. 1–6, 1999.
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

MBR Bootstrap Partition Table Magic Number Forensic Investigation

Powered by PhDFocusTM