MBR

Invoke-IR / ForensicPosters

0
Add to favorites

Cheats

Topic Focus
Digital Forensics
Source
Invoke-IR

https://github.com/Invoke-IR/ForensicPosters

 

  • Invoke-IR/ForensicPosters GPT;
  • Invoke-IR/ForensicPosters $UsnJrnl_$J;
  • Invoke-IR/ForensicPosters Registry_NamedKey;
  • Invoke-IR/ForensicPosters $UsnJrnl_$Max;
  • Invoke-IR/ForensicPosters Registry_Header;
  • Invoke-IR/ForensicPosters 0_MFT;
  • Invoke-IR/ForensicPosters Prefetch101;
  • Invoke-IR/ForensicPosters 0x10_$STANDARD_INFORMATION;
  • Invoke-IR/ForensicPosters 7_$Boot(VBR);
  • Invoke-IR/ForensicPosters 4_$AttrDef;
  • Invoke-IR/ForensicPosters 0x20_$ATTRIBUTE_LIST;
  • Invoke-IR/ForensicPosters 0xXX_NonResident;
  • Invoke-IR/ForensicPosters 0x30_$FILE_NAME;
  • Invoke-IR/ForensicPosters _MBR;
  • Invoke-IR/ForensicPosters 0x60_$VOLUME_NAME;
  • Invoke-IR/ForensicPosters 0xA0_$INDEX_ALLOCATION;
  • Invoke-IR/ForensicPosters 0x70_$VOLUME_INFORMATION;
  • The Windows PowerShell Logging Cheat Sheet;
  • Invoke-IR/ForensicPosters 0x80_$DATA;
  • Invoke-IR/ForensicPosters 0x90_$INDEX_ROOT;

 

Photos

wrnk
wrs
MasterBootRecord
$Boot-NTFSVolumeBootRecord
iai
AD
0x60-$VOLUME_NAME
NonResident
vbr
sj
$MFT
VNA
DA
0x80-$DATA
0xA0-$INDEX_ALLOCATION (2)
sj
WRV
$UsnJrnl$Max
0x20_$ATTRIBUTE_LIST
wrh
WRV
0xA0-$INDEX_ALLOCATION (1)
ALI
GuidPartitionTable
$UsnJrnl$J
NRA
usn
GUID
MFT
FNA
VIA
0x70-$VOLUME_INFORMATION
0x90-$INDEX_ROOT
usnds
Prefetch101
wrs
SIA
IRA
0x10-$STANDARD_INFORMATION
0x30-$FILE_NAME

Enterprise Sponsors

Partners