mike mabey cse 598 – spring 2010nishanth kotha venkata a robot for google wave
TRANSCRIPT
MotivationGoogle Wave – Collaboration toolJava vs. PythonCourse knowledgeOpen source extension
3
Master Boot Record (MBR)It is the first 512 bytes of the hard disk (sector 0).It performs the following activities:
Scans the partition table for active partitionsFind the starting sector of the active partitionLoads a copy of the boot sector from the active
partition into memory.
Note: Although every partitioned hard disk contains an MBR, the master boot code is used only if the disk contains an active, primary partition.
4
Master Boot Record (MBR)
5
Byte Range Description
0 – 445 Boot Code
446 – 461 Partition Table Entry #1
461 – 477 Partition Table Entry #1
478 - 493 Partition Table Entry #1
494 - 509 Partition Table Entry #1
510 – 511 Signature value (0x55AA)
MAC AttributesDate Analysis
Time Analysis
7
4 3 2 1 0 8 7 6 5 15 14 13 12 11 10 9
Year (0 – 127) Month(1 – 12) Day(1 – 31)1980 - 2107
4 3 2 1 0 10 9 8 7 6 5 15 14 13 12 11
Hour (0-23) Minute (0 – 59) Second (0 – 29)
ForensieStart using Forensie by:
Having a Wave accountAdding [email protected] as a contactStart waving
Project home page:http://code.google.com/p/forensie/
ApplicationsGood experience for authors
Provided hands-on knowledge of WaveMobile and decentralized access to forensic
analysis toolPaired with a hex editor, give a very quick
and easy to use tool to discover basic hard drive structure
Very easy to share analysis with another Wave user
12
Future WorkSupport attaching files to a blip for analysis
Wave currently doesn’t allow robots to access files
FAT analysis for simulation and trainingSupport more file system types:
NTFSHFS
Image file reconstructionTry adding valid header & footer to corrupt fileMake new file available for download/preview
13