Hi, I am currently trying to find the superblock in the MBR of a Ext2 file system. I need to find the superblock so i can gather information such as the first sector allocated to the file system, the total number of inodes in the file system etc.
I know that in the MBR the first 446 bytes are the boot code and the first partition starts after this and is 16 bytes long which is followed by 3 more partitions and then the last two bytes are saved for the signiture.
So where is the superblock where i can acquire the information needed.
Heres the MBR i am working with -
any advice would be appreciated.
If I can read your hex dump correctly, ther super block will be sector 0x41. Or could be 0x3f40.
It will be offset at 0x1c6 plus 0x400 bytes, probably 2 sectors
(Hex dumps are far easier to read with 0x10 columns)
Hi, I am currently trying to find the superblock in the MBR of a Ext2 file system. I need to find the superblock so i can gather information such as the first sector allocated to the file system, the total number of inodes in the file system etc.
You may also consider getting a copy of Brian Carrier's book File System Forensics, which goes into all imaginable details of MBR partitioning, as well as Ext2/Ext3.