Good day am new here and at forensics.
I'm looking at a hex dump of the MBR and EDR but at a loss please some assistance 😉
Just got two questions how can i determine if a hex dump of the MBR is in little endian or in big endian?
Second how can i tell what is the start of a partition the second after the first at 0xBE
Â
regards
Easy way?
Get good ol' tiny hexer:
https://www.softpedia.com/get/Others/Miscellaneous/tiny-hexer.shtml
 AND (shameless plug) my MBR template/Structure Viewer.
http://reboot.pro/topic/8734-tiny-hexer-scripts/
MBR's are little endian, (the data), with - possibly - the exception of the Disk Signature that - depending on the tools in use is interpreted either as a number (little endian) or as a sequence of bytes.
What do you mean by EDR?
jaclaz
Â