Linux055 From Inode To File

Uploaded by

MotivatioNet

0% found this document useful (0 votes)

8 views9 pages

Original Title

linux055-from-inode-to-file

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

8 views9 pages

Linux055 From Inode To File

Uploaded by

MotivatioNet

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 9

Search inside document

Linux Forensics

Dr. Phil Polstra @ppolstra

PhD, CISSP, CEH http://philpolstra.com
Certifications:
http://www.securitytube-training.com

Pentester Academy: http://www.PentesterAcademy.com

©SecurityTube.net
From Inodes to Files

©SecurityTube.net
What's in an inode block?
●
Regular files & directories = direct & indirect
blocks (sometimes)
●
Symbolic links will be stored in inode block if
target is less than 60 bytes long
●
If in-line data flag is set the first 60 bytes of a file
can be stored here
●
Extent tree (ext4 only) listing data runs
(contiguous blocks)

©SecurityTube.net
Direct and Indirect Blocks
●
First 12 blocks point to data blocks (first 48k)
●
Thirteenth block points to indirect block that
contains pointers to blocks (1k * 4k = 4MB)
●
Fourteenth block points to a double-indirect block
that points to block containing block pointers (1k
* 1k * 4k = 4GB)
●
Fifteenth block points to a triple-indirect block
that points to blocks containing double-indirect
blocks (1k * 1k * 1k * 4k = 4TB)
©SecurityTube.net
Extents (ext4 only)
●
Tree structure is used
●
Three types of entries
– Header
– Index (middle node)
– Extent (leaf node)

0x0 2 Magic Magic number 0xF30A

0x2 2 Entries Entries that follow the header
0x4 2 Max Entries Maximum number of entries that might follow
header
0x6 2 Depth 0=this node points to data blocks
1-5=this node points to other other extents

0x8 4 Generation Generation of the tree

0x0 4 Block This node covers block x and following

0x4 4 Leaf lo Lower 32 bits of block containing the node (leaf or

another index) one level lower in tree
0x8 2 Leaf hi Upper 16 bits of the block described above

0xA 2 Unused Padding to 12 byte size

0x0 4 Block First block covered by this extent

0x4 2 Len If <= 32768 initialized blocks in extent

If > 32768 extents is (len-32768) uninit blocks

0x6 2 Start hi Upper 16 bits of the starting block

0x8 4 Start lo Lower 32 bits of the starting block

Linux 052
Document9 pages
Linux 052
MotivatioNet
No ratings yet
EXT4 Bit by Bit (PDFDrive)
Document20 pages
EXT4 Bit by Bit (PDFDrive)
Iuliana C
No ratings yet
Rhel/Centos: by Shashank Gosavi
Document18 pages
Rhel/Centos: by Shashank Gosavi
Shashank Gosavi
No ratings yet
WavPack 4 & 5 Binary File / Block Format
Document6 pages
WavPack 4 & 5 Binary File / Block Format
qazmko1029
No ratings yet
Cyber 502x Unit 3
Document19 pages
Cyber 502x Unit 3
Javier Soncco
No ratings yet
CYBER502x Computer Forensics: Unit 3: Linux/Unix Filesystems
Document19 pages
CYBER502x Computer Forensics: Unit 3: Linux/Unix Filesystems
Nuaj Fj San
No ratings yet
2.5 IPv4
Document16 pages
2.5 IPv4
Peyman Yarmohammadi
No ratings yet
Tutorial How To Generate TSX Files Nataliapc - makeTSX Wiki GitHub
Document12 pages
Tutorial How To Generate TSX Files Nataliapc - makeTSX Wiki GitHub
rc2molina
No ratings yet
Linux Forensics: Dr. Phil Polstra @ppolstra PHD, Cissp, Ceh
Document7 pages
Linux Forensics: Dr. Phil Polstra @ppolstra PHD, Cissp, Ceh
scrapy
No ratings yet
Blowfish
Document9 pages
Blowfish
ukakkad2011
No ratings yet
8.12 .IPAddressing
Document19 pages
8.12 .IPAddressing
gangani hettiarachchi
No ratings yet
Linux 045
Document8 pages
Linux 045
MotivatioNet
No ratings yet
Windows 018
Document7 pages
Windows 018
MotivatioNet
No ratings yet
Windows 033
Document8 pages
Windows 033
MotivatioNet
No ratings yet
Data Type Summary (Visual Basic)
Document2 pages
Data Type Summary (Visual Basic)
Supol
No ratings yet
ps2 Memory Card
Document3 pages
ps2 Memory Card
f1294563
No ratings yet
Dino Dai Zovi: Mac OS Xploitation
Document41 pages
Dino Dai Zovi: Mac OS Xploitation
Hao Lian
100% (1)
WialonRetranslator 1.0 - en
Document3 pages
WialonRetranslator 1.0 - en
Ricardo
No ratings yet
Hydranode Project - Edonkey2000 Protocol Tag System Overview
Document2 pages
Hydranode Project - Edonkey2000 Protocol Tag System Overview
DeadMike
No ratings yet
Chapitre 4-Etude Des Microcontroleurs STM32
Document64 pages
Chapitre 4-Etude Des Microcontroleurs STM32
Haythem Chaoued
100% (1)
Linux 043
Document7 pages
Linux 043
MotivatioNet
No ratings yet
The FAT File System: CIS-24 Home
Document20 pages
The FAT File System: CIS-24 Home
mohammed2015amine
No ratings yet
Lect11 12 Cuda Threads
Document25 pages
Lect11 12 Cuda Threads
Renato Quezada E
No ratings yet
DES (Data Encryption Standard)
Document39 pages
DES (Data Encryption Standard)
Anonymous LsxNp3rNR
No ratings yet
2023 334 The3
Document19 pages
2023 334 The3
Yiğit Çınar
No ratings yet
Unit 1 - 80386 Architecture and Programmers Model
Document43 pages
Unit 1 - 80386 Architecture and Programmers Model
pj
No ratings yet
Curs 94 uCE 2013 2014 Stud
Document48 pages
Curs 94 uCE 2013 2014 Stud
Nicolae Morar
No ratings yet
Addressing Modes: 4.1. Interpreting Memory Addresses
Document20 pages
Addressing Modes: 4.1. Interpreting Memory Addresses
China Kcvr
No ratings yet
JPEG File Format
Document6 pages
JPEG File Format
Diego Sousa
No ratings yet
RAR 5.0 Archive Format
Document10 pages
RAR 5.0 Archive Format
astra nova
No ratings yet
IP Packet Header
Document20 pages
IP Packet Header
saher waleed
No ratings yet
Ext2 File System Assignments and Description Lab
Document14 pages
Ext2 File System Assignments and Description Lab
yogeshwari bahiram
No ratings yet
Final Winter 2004
Document5 pages
Final Winter 2004
DaxInvader
No ratings yet
Microprocessor By, Er. Swapnil V. Kaware
Document55 pages
Microprocessor By, Er. Swapnil V. Kaware
swapnil
No ratings yet
FAT Partition Boot Sector
Document28 pages
FAT Partition Boot Sector
denis palac
No ratings yet
Algorithmics: Information Coding Techniques
Document44 pages
Algorithmics: Information Coding Techniques
thendral
No ratings yet
Network: - Connectivity and Communication - Intranet - Extranet - Internet
Document18 pages
Network: - Connectivity and Communication - Intranet - Extranet - Internet
mirubaig2659
No ratings yet
Operating Systems - CS604 Special 2006 Assignment 04 Solution
Document1 page
Operating Systems - CS604 Special 2006 Assignment 04 Solution
Hoàng Công Mạnh
No ratings yet
Knowing The Internals - Who Needs SQL Server Anyway - Mark Rasmussen
Document98 pages
Knowing The Internals - Who Needs SQL Server Anyway - Mark Rasmussen
AshwinKumarPadhy
No ratings yet
Cache and Memory Systems
Document100 pages
Cache and Memory Systems
Jay Jaber
No ratings yet
Lecture Slide Network Layer
Document41 pages
Lecture Slide Network Layer
Muhibbullah Muhib
No ratings yet
Final ENCE 455 - ADVANCED MICROPROCESSOR SYSTEMS AND INTERFACING EXAMS - NOV 2021
Document8 pages
Final ENCE 455 - ADVANCED MICROPROCESSOR SYSTEMS AND INTERFACING EXAMS - NOV 2021
Crentsil Kwayie
No ratings yet
Sunsynk - Modbus - No Chinese
Document43 pages
Sunsynk - Modbus - No Chinese
fquen
No ratings yet
Poi-Hslf - A Guide To The Powerpoint File Format: 1. Records, Containers and Atoms
Document6 pages
Poi-Hslf - A Guide To The Powerpoint File Format: 1. Records, Containers and Atoms
jimakosjp
No ratings yet
Algorithms and Data Structures
Document80 pages
Algorithms and Data Structures
程国强
No ratings yet
MIT3030 L9-10 1 IPAddressing
Document43 pages
MIT3030 L9-10 1 IPAddressing
Malinda Lakmal
No ratings yet
Caches - Basic Idea
Document11 pages
Caches - Basic Idea
Justin Wilson
No ratings yet
Hands-On Lab Creating Filesystems On Partitioned Devices
Document10 pages
Hands-On Lab Creating Filesystems On Partitioned Devices
Iyyappan Mani
No ratings yet
IDEA and Blowfish Notes
Document10 pages
IDEA and Blowfish Notes
Mukesh
100% (2)
Verilog HDL Quick Reference Guide New
Document49 pages
Verilog HDL Quick Reference Guide New
anilment
No ratings yet
Memory Address Calculation
Document7 pages
Memory Address Calculation
May Thin Khine
No ratings yet
Cuda Webinars WarpsAndOccupancy
Document14 pages
Cuda Webinars WarpsAndOccupancy
prameetsk
No ratings yet
Computer Forensics: NTFS File System
Document42 pages
Computer Forensics: NTFS File System
Lars Bjork
No ratings yet
Super Quiet & Quad-LAN Pedestal Server: TS100-E5/PI4
Document4 pages
Super Quiet & Quad-LAN Pedestal Server: TS100-E5/PI4
Witoon Rungcharoensrichai
No ratings yet
MEF Format
Document18 pages
MEF Format
Reid Lindsay
No ratings yet
WAVE PCM Soundfile Format
Document4 pages
WAVE PCM Soundfile Format
Bánh Bao
No ratings yet
Microelectronic Systems N3 Checkbook
From Everand
Microelectronic Systems N3 Checkbook
R E Vears
No ratings yet
Python Interview Questions You'll Most Likely Be Asked: Job Interview Questions Series
From Everand
Python Interview Questions You'll Most Likely Be Asked: Job Interview Questions Series
Vibrant Publishers
No ratings yet
Advanced C Concepts and Programming: First Edition
From Everand
Advanced C Concepts and Programming: First Edition
Gayatri
Rating: 3 out of 5 stars
3/5 (1)
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
From Everand
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Bruce Dang
No ratings yet
TCP Bind Shell I
Document4 pages
TCP Bind Shell I
MotivatioNet
No ratings yet
Chaining Encoders Crypters
Document4 pages
Chaining Encoders Crypters
MotivatioNet
No ratings yet
Privilege Escalation DLL Hijacking
Document7 pages
Privilege Escalation DLL Hijacking
MotivatioNet
No ratings yet
Exploiting Utorrent Network Share
Document6 pages
Exploiting Utorrent Network Share
MotivatioNet
No ratings yet
DLL Hijacking Dtools
Document4 pages
DLL Hijacking Dtools
MotivatioNet
No ratings yet
Run Meterpreter 32 64 DLL
Document5 pages
Run Meterpreter 32 64 DLL
MotivatioNet
No ratings yet
DLL Hijacking Ida Analysis
Document6 pages
DLL Hijacking Ida Analysis
MotivatioNet
No ratings yet
Av Evasion No Silver Part
Document8 pages
Av Evasion No Silver Part
MotivatioNet
No ratings yet
Not Encoder GDB Analysis
Document4 pages
Not Encoder GDB Analysis
MotivatioNet
No ratings yet
Crypter
Document7 pages
Crypter
MotivatioNet
No ratings yet
Running Metasploit Loader As DLL
Document5 pages
Running Metasploit Loader As DLL
MotivatioNet
No ratings yet
Not Encoder
Document4 pages
Not Encoder
MotivatioNet
No ratings yet
024 Exploiting SSH Server Part 1
Document4 pages
024 Exploiting SSH Server Part 1
MotivatioNet
No ratings yet
026 Exploiting FTP Server Part 1
Document4 pages
026 Exploiting FTP Server Part 1
MotivatioNet
No ratings yet
Course Conclusion
Document4 pages
Course Conclusion
MotivatioNet
No ratings yet
Hidden Bind Shell
Document5 pages
Hidden Bind Shell
MotivatioNet
No ratings yet
Rip Relative Addressing
Document5 pages
Rip Relative Addressing
MotivatioNet
No ratings yet
Dns Poisoning Hosts File
Document5 pages
Dns Poisoning Hosts File
MotivatioNet
No ratings yet
Rip Relative Addressing
Document5 pages
Rip Relative Addressing
MotivatioNet
No ratings yet
Linux 027
Document8 pages
Linux 027
MotivatioNet
No ratings yet
Blocking Websites Using Malicious Pac
Document4 pages
Blocking Websites Using Malicious Pac
MotivatioNet
No ratings yet
Impersonation
Document6 pages
Impersonation
MotivatioNet
No ratings yet
Helloworld Shellcode JMP Call Pop
Document5 pages
Helloworld Shellcode JMP Call Pop
MotivatioNet
No ratings yet
022 Load Store Move Strings
Document4 pages
022 Load Store Move Strings
MotivatioNet
No ratings yet
Exploiting SSH Server Part 2
Document4 pages
Exploiting SSH Server Part 2
MotivatioNet
No ratings yet
How Twilio Built An API For Whatsapp For Business
Document6 pages
How Twilio Built An API For Whatsapp For Business
MotivatioNet
No ratings yet
024 Exit Shellcode
Document5 pages
024 Exit Shellcode
MotivatioNet
No ratings yet
020 Pentesting Windows Endpoints Av Bypass Python
Document7 pages
020 Pentesting Windows Endpoints Av Bypass Python
MotivatioNet
No ratings yet
022 Pentesting Windows Endpoints Win7hash Dumping Mimikatz
Document6 pages
022 Pentesting Windows Endpoints Win7hash Dumping Mimikatz
MotivatioNet
No ratings yet
023 Exploiting File Sharing Server Part 2
Document4 pages
023 Exploiting File Sharing Server Part 2
MotivatioNet
No ratings yet
Embedded System
Document21 pages
Embedded System
Assini Hussain
No ratings yet
Manuscripts Abbreviations and Keyboard Shortcuts
Document9 pages
Manuscripts Abbreviations and Keyboard Shortcuts
maiabaileypmpstud
No ratings yet
Installing WINE On CentOS
Document2 pages
Installing WINE On CentOS
Gitesh More
No ratings yet
Android in Hindi
Document53 pages
Android in Hindi
nikhil shukla
100% (1)
Chapter One Introduction & Evolution of Microprocessor
Document68 pages
Chapter One Introduction & Evolution of Microprocessor
abel bahiru
100% (1)
Lesson2 Assembling Disassembling A CPU
Document52 pages
Lesson2 Assembling Disassembling A CPU
andreaaanicoleee23
No ratings yet
Laptop Condition Report
Document3 pages
Laptop Condition Report
Ashok Kamath
100% (1)
Installation Report Template
Document15 pages
Installation Report Template
IvanSilva
No ratings yet
Vodafone-MachineLink-4G Lite-User-Guide
Document230 pages
Vodafone-MachineLink-4G Lite-User-Guide
Ahmed Alsalami
No ratings yet
Linux
Document296 pages
Linux
virendrakumarthakur
No ratings yet
Sparcengine Ultra Axi: Oem Technical Manual
Document174 pages
Sparcengine Ultra Axi: Oem Technical Manual
Dante Nuevo
100% (1)
Automatic Tools For High Availability in Postgresql: Camilo Andrés Echeverri
Document9 pages
Automatic Tools For High Availability in Postgresql: Camilo Andrés Echeverri
Registro Personal
No ratings yet
Red Hat Enterprise Virtualization 3.4 Beta Installation Guide en US
Document190 pages
Red Hat Enterprise Virtualization 3.4 Beta Installation Guide en US
dragos_vlaicu
No ratings yet
B.J.E.M School: Bank Management System
Document21 pages
B.J.E.M School: Bank Management System
Pratik Das
No ratings yet
Pse Cortex P Studyguide
Document52 pages
Pse Cortex P Studyguide
Nader
No ratings yet
Pengenalan MikroTik MTCNA
Document126 pages
Pengenalan MikroTik MTCNA
Aung Zaw Lin
No ratings yet
Integrating With Outbound API
Document45 pages
Integrating With Outbound API
vishy
No ratings yet
SSD Reporting New
Document21 pages
SSD Reporting New
Ms Paperworks
No ratings yet
VCTA-D586 On Line Automatic Optic Inspection (AOI) : Website: Email
Document3 pages
VCTA-D586 On Line Automatic Optic Inspection (AOI) : Website: Email
qee
No ratings yet
Is Is
Document104 pages
Is Is
Chanchal Kumar Biswas
100% (1)
DLP in CSS - May 25
Document6 pages
DLP in CSS - May 25
Esther Conde
No ratings yet
Tesseract Pim Architecture For Graph Processing - Isca15
Document13 pages
Tesseract Pim Architecture For Graph Processing - Isca15
Megha Joshi
No ratings yet
Change Log
Document186 pages
Change Log
Rango Tango
No ratings yet
Sophos Firewall SD Wan Brief
Document12 pages
Sophos Firewall SD Wan Brief
Arne Nordahl
No ratings yet
Intel Proset For Windows Device Manager Wmi Provider User S Guide
Document47 pages
Intel Proset For Windows Device Manager Wmi Provider User S Guide
Neri Milicic
No ratings yet
06-236542-001 Aries Intel. Comm. Module
Document30 pages
06-236542-001 Aries Intel. Comm. Module
Jorge
No ratings yet
BodyComm Operations Manual Cme
Document10 pages
BodyComm Operations Manual Cme
Jorge Vargas
No ratings yet
RDPWrap - Multiple RDP Sessions WIndows Server 2008 - 2012 - V1
Document9 pages
RDPWrap - Multiple RDP Sessions WIndows Server 2008 - 2012 - V1
Scanner2008
No ratings yet
Practice 100
Document19 pages
Practice 100
ask_gaby
No ratings yet
g12 Lesson Plan
Document17 pages
g12 Lesson Plan
sadam
No ratings yet