drop a disk image or raw mbr / vbr sector dump · deep parse mbr and vbr · compare against known-good templates · flag deviations · detect bootkits · identify infected bootstrap code · runs locally
boot sector image
drop binary (mbr / disk start)
512-byte sector dump or disk image · max 2MB
parses 512-byte mbr · partition table · 0x55AA signature · bootstrap vs windows template · vbr oem/bpb · bootkit strings (TDL4 · Petya · …)
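The structural part of the checks listed above (0x55AA signature, partition table sanity, bootstrap comparison against a template) can be sketched as follows. This is an added example, not the tool's own code; the function names, the 440-byte bootstrap length and the sample sector are assumptions, and the template is whatever known-good sector the caller supplies.

```python
import struct

PT_OFFSET, SIG_OFFSET, BOOT_LEN = 446, 510, 440  # BOOT_LEN: code area before the disk signature

def parse_partitions(sector):
    """Return non-empty partition entries as (index, status, type, lba_start, sectors)."""
    entries = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if raw != bytes(16):
            entries.append((i, status, ptype, lba, count))
    return entries

def check_mbr(sector, template=None):
    """Return a list of deviations found in a 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[SIG_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA signature")
    parts = parse_partitions(sector)
    for i, status, ptype, lba, count in parts:
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid boot flag 0x{status:02x}")
        if lba == 0 or count == 0:
            findings.append(f"entry {i}: bad extent (lba={lba}, sectors={count})")
    if sum(1 for p in parts if p[1] == 0x80) > 1:
        findings.append("more than one active partition")
    # compare neighbouring entries in start order
    spans = sorted((p[3], p[3] + p[4], p[0]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"entries {i1} and {i2} overlap")
    if template is not None:
        diff = sum(a != b for a, b in zip(sector[:BOOT_LEN], template[:BOOT_LEN]))
        if diff:
            findings.append(f"bootstrap differs from template in {diff} bytes")
    return findings

def build_sample(entries, boot=b"\x90" * BOOT_LEN):
    """Constructed test sector: placeholder bootstrap bytes, not real boot code."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return boot.ljust(PT_OFFSET, b"\x00") + table + b"\x55\xaa"
```

A byte-level difference from the template is only a lead for further analysis: other boot managers and OEM loaders also replace the bootstrap code.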