DFIR Reference · Disk Architecture

Eye-Describe
Windows Boot Disk Explorer

Interactive partition map — click any partition, folder, or file to inspect its forensic role in the boot chain.

ESP / Boot

Windows (C:)

Recovery

MBR / GPT header

MSR

Unallocated

click partition segment to explore

click file to see forensic details

scroll boot chain nodes below

Physical disk · Disk 0

💽

NVMe SSD — 512 GB

GPT · MBR: protective · 512B sectors · Interface: PCIe 4.0

512 GB

💽 Disk Structure

Select a partition →

—

📂

Click a partition to explore its files

🔍

Click a file to see its forensic role

Boot chain — file interactions