
Discovering the secrets held by a 'blank' partition



Posted
ntldr is the Windows kernel (I still believe). But that's only the surface problem; the actual problem is that (at a guess) 90% of the file system is gone.

ntldr is like boot.ini for Win95/98. You can't load Windows without it; it's like the MBR telling it where the drive starts.

http://en.wikipedia.org/wiki/NTLDR

If there was a physical file ntldr.exe, it was probably a virus. http://www.auditmypc.com/process/ntldr.asp

Posted

Good news. Took 4 days or so but EnCase was able to recover most (if not all) of the important stuff. Still don't have a wtf clue as to what happened. If it was a skiddie, they got pwned :P.
