A Lynux storage device is represented as a file. For example a physical SATA or serial ATA hard drive shows up as dev/sda in the file system. The second physical SATA hard drive will show up as dev/sdb in the file system.
Below a USB drive is plugged in the machine. The USB drive plugged in this machine shows up as dev/sdd in the file system. The numbers after the drive letters sda and adb, represent partitions or logical drives. Here we used f-disk to demonstrate this concept.
First type: sudo fdisk –L (you need sudo command before f-disk because you need to execute this command as a privileged user) then press enter. If the operating system asks for entering your password, type it in.
dev/sda1 is the first partition of the first physical drive on this machine. dev/sdb2 is the second and so on.
Something like dev/sda5 is a logical partition inside an external partition. There’s also dev/sdb1which means there’s another physical drive that is only one partition. Finally there’s the third storage device which is dev/sdd1which is my usb drive that is also only one partition.
Now you know where to look for storage device information on your Lynux system and how to interpret their representations.
Read the first part on Preparing For A Computer Forensics Investigation (Certifications).
Secure Your Organization’s Mind with Securemind.se