In the virtual machine, click Start, "Turn Off Computer", "Turn Off". Wait until the guest operating system shuts down.
On the right side, click "Edit virtual machine settings".
In the "Virtual Machine Settings" box, click the Add... button. If a "User Account Control" box pops up, click .
In the "Add Hardware Wizard" box, accept the default selection of "Hard Disk" and click the Next button, as shown below:
In the "Select a Disk" box, accept the default selection of "Create a New Virtual Disk" and click the Next button.
In the "Select a Disk Type" box, accept the default selection of "IDE (Recommended)" and click the Next button.
In the "Specify Disk Capacity" box, set the "Maximum disk size (GB)" to 0.1 and check the "Allocate all disk space now" as shown below. Click Next.
In the "Specify a Disk File" box, accept the default selection and click Finish. In the "Virtual Machine Settings" box, click OK.
Scroll down and click the "Download page" link. Download and install the English version of HxD. Accept the default options.
In HxD, click Extras, "Open disk...".
In the "Open disk" box, in the "Physical disks" section, click "Hard Disk 2", as shown below. Click OK.
HxD shows the contents of the disk, as shown below on this page.
Find these things:
The disk should now appear in Disk Management as "Disk 1", containing approximately 100 MB of Unallocated space, as shown below.
Scroll down to the end of the first sector, locations 1FE and 1FF, and note that the last two bytes are 55 and AA, as shown below. Bytes 200 and above still contain zeroes.
The chart below shows the main features of the MBR (from Wikipedia).
Find these features in your HxD window:
In the "Welcome to the New Partition Wizard" box, click Next.
In the "Select Partition Type" box, accept the default selection of "Primary partition" and click Next.
In the "Specify Partition Size" box, enter a Partition Size of 8 as shown below, and click Next.
In the "Assign Drive Letter or Path" box, accept the default selection of E and click Next.
In the "Format Partition" box, set the "Allocation unit size" to 4096, as shown below, and click Next.
In the "Completing the New Partition Wizard" box, click Finish.
After a few seconds, Disk Manager should now show New Volume (E:) new volume with a size of 8 MB, as shown below.
Notice that the first record of the partition table (from hex 01BE through 01CD) now contains data, as highlighted in the image below on this page.
Click the "CNIT 121" link. Click the "Projects" link.
Under "Project 2", click the SPAM.zip link.
Save the file on your desktop.
Click the EGGS.zip link and save it on your desktop as well.
On your desktop, right-click the SPAM.zip file and click "Extract All...".
In the "Welcome to the Compressed (zipped) Folders Extraction Wizard" box, click Next.
In the "Select a Destination" box, enter a directory of E:, as shown below. Click Next.
After a few seconds, an error message pops up, saying "There is not enough space on the disk to extract the file". Click OK.
In the "Extraction Wizard" box, click Cancel.
From the virtual machine's desktop, click Start, "My Computer".
Double-click "New Volume (E:)".
Double-click the SPAM folder to open it.
You see a lot of files named spam1001.txt, spam1002.txt, etc.
Double-click spam1001.txt.
As you can see, the file contains the word SPAM repeated many times, as shown below. Each "spam" file contains 10,000 characters.
Scroll down with the mouse until you find some SPAM.
Scroll back up carefully to the start of a block of SPAM. The exact location may vary. When I did it, the spam started at sector 671, as shown below on this page.
Tap the PageDown key on the keyboard until you reach the end of the SPAM text in this file. When I did it, the text ended in sector 714, as shown in the image below on this page.
The partition is formatted with 4096-byte clusters, each containing eight 512-byte sectors. The spam files contain 10,000 characters each, so they occupy three clusters, as shown below. Look at these clusters and verify that they contain the expected data. Your Sector numbers might be different, but you should see this pattern of data in 24 sequential sectors.
CLUSTER 1 CLUSTER 2 CLUSTER 3 --- ---- --- ---- --- ---- 671 SPAM 679 SPAM 687 SPAM 672 SPAM 680 SPAM 688 SPAM 673 SPAM 681 SPAM 689 SPAM 674 SPAM 682 SPAM 690 SPAM + 0 675 SPAM 683 SPAM 691 0 776 SPAM 684 SPAM 692 0 777 SPAM 685 SPAM 693 0 778 SPAM 686 SPAM 694 0
Double-click "New Volume (E:)".
Right-click the SPAM folder and click Delete.
In the "Confirm Folder Delete" box, click Yes.
Another "Confirm Folder Delete" box pops up, saying that these files will be "permanently deleted". Click Yes.
Scroll through the 24 sectors you examined previously, and verify that all the SPAM text is still there. Deleting the files did not erase any text data.
All it did was change records in the Master File Table.
Right-click "New Volume (E:)" and click Format....
In the "Format New Volume (E:)" box, make sure that the "Quick Format" box is cleared, and that the "Enable Compression" box is cleared, as below. Click Start. A "Format New Volume (E:)" box pops up saying "WARNING: Formatting will erase ALL data on this disk". Click OK.
When the message "Format Complete" appears, click OK.
Scroll through the 24 sectors you examined previously, and verify that all the SPAM text is still there. Formatting the disk did not erase any text data either.
In the "Welcome to the Compressed (zipped) Folders Extraction Wizard" box, click Next.
In the "Select a Destination" box, enter a directory of E:. Click Next.
When the extraction completes, click Finish.
A "New Volume (E:)" window opens.
Double-click the EGGS folder to open it.
Double-click the EGGS folder to open it.
You see a lot of files named "Copy (2) of eggs1001.txt", etc. Double-click one of the files to open it.
As you can see, the file contains the word EGGS repeated many times, as shown below. There are a total of 1000 characters in each "eggs" file, much smaller than the "spam" files.
Scroll through the 24 sectors you examined previously, and find some EGGS data. If necessary, use the mouse to scroll, or the "Search" menu item, to find some EGGS text. Find the place where the EGGS data ends, as shown below.
Click the taskbar at the bottom of your host Windows 7 desktop, to make the host machine listen to the keyboard, instead of the virtual machine.
Press the PrintScrn key in the upper-right portion of the keyboard. That will copy the whole desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE TO GET FULL CREDIT!
On the host machine, not the virtual machine, open Paint and paste in the image.
Save the image with the filename "Your Name Proj 2a". Use your real name, not the literal text "Your Name".
Sector Contents Technical Term ------ -------- ----------------------- 695 EGGS Active data 696 EGGS + 0 Active data + RAM Slack 697 SPAM File Slack
Make sure you understand the Terms for each type of data.
In the Windows XP virtual machine, close all windows, except the HxD window.
Click Start, Run.
In the Run box, type CMD and press the Enter key.
In the Command Prompt window, type this command and then press the Enter key:
DISKPART
In the Command Prompt window, type this command and then press the Enter key:
LIST DISK
You should see two disks, as shown below on this page. Disk 0 is the system disk containing Windows XP. Disk 1 is the 100 MB disk we want to erase.
In the Command Prompt window, type this command and then press the Enter key:
SELECT DISK 1
Verify that the message says "Disk 1 is now the selected disk." BE CAREFUL when using this tool--if you erase the wrong disk, it's GAME OVER.
In the Command Prompt window, type this command and then press the Enter key:
CLEAN ALL
All the SPAM and EGGS text is now gone.
Scroll to the top and observe that the whole disk is empty--even the MBR is gone.
Send it to: cnit.121@gmail.com with a subject line of "Proj 2From Your Name", replacing "Your Name" with your own first and last name.
Send a Cc to yourself.
Last Modified: 5-22-13 4:23 pm