> On Jan 12, 2017, at 19:57, Ngie Cooper (yaneurabeya) <yaneurab...@gmail.com> 
> wrote:
> 
> 
>> On Jan 12, 2017, at 18:14, Conrad Meyer <c...@freebsd.org> wrote:
>> 
>> Forgot to mention:
>> 
>> Documentation: 
>> https://www.sans.org/reading-room/whitepapers/forensics/reverse-engineering-microsoft-exfat-file-system-33274
>> 
>> Images for testing: http://www.cfreds.nist.gov/dfr-test-images.html
>> (raw disk images, include partition tables)
> 
> This commit doesn’t work as advertised:
> 
> $ fstyp dfr-01-xfat.img
> fstyp: dfr-01-xfat.img: filesystem not recognized
> $ grep exfat `which fstyp`
> Binary file /usr/sbin/fstyp matches
> 
> -Ngie

Also:

$ file dfr-01-xfat.img
dfr-01-xfat.img: DOS/MBR boot sector
$ hexdump -C dfr-01-xfat.img | head -n 2
00000000  eb 76 90 45 58 46 41 54  20 20 20 00 00 00 00 00  |.v.EXFAT   .....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
