Re: I'm having an image problem...

From: James.Holleyat_private
Date: Fri Feb 14 2003 - 20:03:11 PST


    James said:
    
    /*
    Any help with the possible drive geometry or the possible cause of this
    effect would be much appreciated.
    */
    
    Check the partition table in the Master Boot Record to get a rough idea of 
    the drive geometry. A partition entry includes starting and ending 
    cylinder, head, sector info as well as other very useful data.
    
    Here's the format of a 512 byte MBR - sector 0 - for a Windows/DOS 
    compatible system:
    
            HEX Offset      Stuff
            000h            446 bytes = boot code
            1BEh            16 bytes - 1st partition entry
            1CEh            16 bytes - 2nd partition entry
            1DEh            16 bytes - 3rd partition entry
            1EEh            16 bytes - 4th partition entry
            1FEh            2 bytes - 55 AA - Boot Record Signature
    
    Each partition entry has the following structure:
    
            HEX Offset      Stuff
            00h             1 byte - Current State = 00h for not Bootable or 80h for Bootable
            01h             1 byte - Starting Head = Beginning of Partition
            02h             1 Word - Beginning Cylinder/Sector
            04h             1 byte - Partition Type/File System Indicator Byte - 0C = FAT32 - 07 = NTFS
            05h             1 byte - Ending head of Partition
            06h             1 Word - End of Partition - Cylinder and Sector
            08h             1 DWord - # of Sectors Between MBR and 1st Sector in Partition
            0Ch             1 DWord - # of Sectors in the Partition
    
    James
    ===============================
    
    James O. Holley
    Ernst & Young
    Litigation Advisory Services &
    Computer Forensic Services
    http://litigation.ey.com
    
    Office:   703.747.1059
    Fax:       703.747.0104
    Lab:       703.747.0253
    Pager:    888.620.5275
    Pager email: 6205275 "AT" skytel.com
    
    ===============================
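
The layout described in the message above, as an added Python example (not part of the original post): it parses the four partition entries at 1BEh and derives a rough heads/sectors-per-track figure from the ending CHS values. The cylinder/sector bit packing and the cylinder-boundary rule are assumptions not spelled out in the post, the function names are hypothetical, and the sample sector is constructed.

```python
import struct

TABLE_OFFSET = 0x1BE      # first of four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE  # 55 AA boot record signature

def unpack_chs(head, packed):
    """Return (cylinder, head, sector). Assumed packing: low byte holds the sector
    in bits 0-5 and cylinder bits 8-9 in bits 6-7; high byte holds cylinder bits 0-7."""
    sec_byte, cyl_low = packed & 0xFF, packed >> 8
    return ((sec_byte & 0xC0) << 2) | cyl_low, head, sec_byte & 0x3F

def parse_mbr(sector):
    """Parse the partition table of a 512-byte MBR; unused slots (type 00h) are skipped."""
    if len(sector) < 512 or sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("not an MBR: 55 AA signature missing at 1FEh")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        state, h0, cs0, ptype, h1, cs1, lba_start, count = struct.unpack("<BBHBBHII", raw)
        if ptype == 0:
            continue
        entries.append({"bootable": state == 0x80, "type": ptype,
                        "start": unpack_chs(h0, cs0), "end": unpack_chs(h1, cs1),
                        "lba_start": lba_start, "sectors": count})
    return entries

def guess_geometry(entries):
    """Assumption: partitions end on a cylinder boundary, so the largest ending
    head + 1 is heads per cylinder and the largest ending sector is sectors per track."""
    if not entries:
        raise ValueError("no partition entries to infer geometry from")
    return max(e["end"][1] for e in entries) + 1, max(e["end"][2] for e in entries)

def chs_matches_lba(entry, heads, spt):
    """Cross-check: ending CHS converted with the guessed geometry equals the last LBA."""
    c, h, s = entry["end"]
    return (c * heads + h) * spt + (s - 1) == entry["lba_start"] + entry["sectors"] - 1

def sample_mbr():
    """Constructed sector: one bootable FAT32 (0Ch) partition, 255 heads x 63 sectors."""
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x0C, 0xFE, 0x3F, 0x63]) + struct.pack("<II", 63, 1606437)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(sample_mbr())
    heads, spt = guess_geometry(parts)
    for p in parts:
        print(p, "CHS/LBA consistent:", chs_matches_lba(p, heads, spt))
    print("heads per cylinder:", heads, "sectors per track:", spt)
```

The 10-bit cylinder field tops out at 1023, so on larger drives the ending CHS saturates and the LBA cross-check fails even when the geometry guess is right.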
    
    



    This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 20:55:49 PST