Event ID 1006 — For internal use only.

Provider: Microsoft-Windows-Partition
Channel: Diagnostic
Level: Informational

Description

For internal use only.

Message #

For internal use only.

Fields #

Name	Description
`DiskNumber` UInt32	—
`Flags` UInt32	—
`Characteristics` UInt32	—
`IsSystemCritical` Boolean	—
`PagingCount` UInt32	—
`HibernationCount` UInt32	—
`DumpCount` UInt32	—
`BytesPerSector` UInt32	—
`Capacity` UInt64	—
`BusType` UInt32	—
`Manufacturer` UnicodeString	—
`Model` UnicodeString	—
`Revision` UnicodeString	—
`SerialNumber` UnicodeString	—
`Location` UnicodeString	—
`ParentId` UnicodeString	—
`Socket` Int32	—
`Slot` Int32	—
`Bus` Int32	—
`Device` Int32	—
`Function` Int32	—
`Adapter` Int32	—
`Port` Int32	—
`Target` Int32	—
`Lun` Int32	—
`IoctlSupport` UInt64	—
`IdFlags` UInt32	—
`DiskId` GUID	—
`AdapterId` GUID	—
`RegistryId` GUID	—
`PoolId` GUID	—
`FirmwareSupportsUpgrade` Boolean	—
`FirmwareSlotCount` UInt8	—
`StorageIdCount` UInt32	—
`StorageIdCodeSet` UInt32	—
`StorageIdType` UInt32	—
`StorageIdAssociation` UInt32	—
`StorageIdBytes` UInt32	—
`StorageId` Binary	—
`WriteCacheType` UInt32	—
`WriteCacheEnabled` UInt32	—
`WriteCacheChangeable` UInt32	—
`WriteThroughSupported` UInt32	—
`FlushCacheSupported` Boolean	—
`IsPowerProtected` Boolean	—
`NVCacheEnabled` Boolean	—
`BytesPerLogicalSector` UInt32	—
`BytesPerPhysicalSector` UInt32	—
`BytesOffsetForSectorAlignment` UInt32	—
`IncursSeekPenalty` Boolean	—
`IsTrimSupported` Boolean	—
`IsThinProvisioned` Boolean	—
`OptimalUnmapGranularity` UInt64	—
`UnmapAlignment` UInt64	—
`NumberOfLogicalCopies` UInt32	—
`NumberOfPhysicalCopies` UInt32	—
`FaultTolerance` UInt32	—
`NumberOfColumns` UInt32	—
`InterleaveBytes` UInt32	—
`HybridSupported` Boolean	—
`HybridCacheBytes` UInt64	—
`AdapterMaximumTransferBytes` UInt32	—
`AdapterMaximumTransferPages` UInt32	—
`AdapterAlignmentMask` UInt32	—
`AdapterSerialNumber` UnicodeString	—
`PortDriver` UInt32	—
`UserRemovalPolicy` Boolean	—
`PartitionStyle` UInt32	—
`PartitionCount` UInt32	—
`PartitionTableBytes` UInt32	—
`PartitionTable` Binary	—
`MbrBytes` UInt32	—
`Mbr` Binary	—
`Vbr0Bytes` UInt32	—
`Vbr0` Binary	—
`Vbr1Bytes` UInt32	—
`Vbr1` Binary	—
`Vbr2Bytes` UInt32	—
`Vbr2` Binary	—
`Vbr3Size` UInt32	—
`Vbr3` Binary	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Partition",
    "guid": "412BDFF2-A8C4-470D-8F33-63FE0D8C20E2",
    "event_source_name": "",
    "event_id": 1006,
    "version": 4,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2023-11-06T06:25:12.672631+00:00",
    "event_record_id": 11,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 236
    },
    "channel": "Microsoft-Windows-Partition/Diagnostic",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "DiskNumber": 0,
    "Flags": 538976528,
    "Characteristics": 262400,
    "IsSystemCritical": true,
    "PagingCount": 0,
    "HibernationCount": 0,
    "DumpCount": 0,
    "BytesPerSector": 512,
    "Capacity": 134217728000,
    "BusType": 10,
    "Manufacturer": "VMware,",
    "Model": "VMware Virtual S",
    "Revision": "1.0",
    "SerialNumber": "NULL",
    "Location": "PCI Slot 160 : Bus 3 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0",
    "ParentId": "PCI\\VEN_1000&DEV_0054&SUBSYS_197615AD&REV_01\\4&2509f6e&0&00A8",
    "Socket": -1,
    "Slot": 160,
    "Bus": 3,
    "Device": 0,
    "Function": 0,
    "Adapter": 0,
    "Port": 0,
    "Target": 0,
    "Lun": 0,
    "IoctlSupport": 59751,
    "IdFlags": 2,
    "DiskId": "33A0A150-7C6D-11EE-9369-806E6F6E6963",
    "AdapterId": "C831DD37-73BE-11EE-935E-806E6F6E6963",
    "RegistryId": "C831DD44-73BE-11EE-935E-806E6F6E6963",
    "PoolId": "00000000-0000-0000-0000-000000000000",
    "FirmwareSupportsUpgrade": true,
    "FirmwareSlotCount": 1,
    "StorageIdCount": 0,
    "StorageIdCodeSet": 0,
    "StorageIdType": 0,
    "StorageIdAssociation": 0,
    "StorageIdBytes": 0,
    "StorageId": "",
    "WriteCacheType": 0,
    "WriteCacheEnabled": 0,
    "WriteCacheChangeable": 0,
    "WriteThroughSupported": 0,
    "FlushCacheSupported": false,
    "IsPowerProtected": false,
    "NVCacheEnabled": false,
    "BytesPerLogicalSector": 512,
    "BytesPerPhysicalSector": 512,
    "BytesOffsetForSectorAlignment": 0,
    "IncursSeekPenalty": false,
    "IsTrimSupported": false,
    "IsThinProvisioned": false,
    "OptimalUnmapGranularity": 0,
    "UnmapAlignment": 0,
    "NumberOfLogicalCopies": 0,
    "NumberOfPhysicalCopies": 0,
    "FaultTolerance": 0,
    "NumberOfColumns": 0,
    "InterleaveBytes": 0,
    "HybridSupported": false,
    "HybridCacheBytes": 0,
    "AdapterMaximumTransferBytes": 16777215,
    "AdapterMaximumTransferPages": 257,
    "AdapterAlignmentMask": 0,
    "AdapterSerialNumber": "NULL",
    "PortDriver": 1,
    "UserRemovalPolicy": false,
    "PartitionStyle": 1,
    "PartitionCount": 4,
    "PartitionTableBytes": 624,
    "PartitionTable": "0100000004000000215EE82F29506742BFFD03FE966FCE0E0044000000000000007AFF3F1F0000008000000000000000010000000000000000001000000000000000C012000000000100000000000000A4BB94DED106404DA16ABFD50179D6AC0A74B2F82423DB44BBF880523FE5334B01000000000000804200610073006900630020006400610074006100200070006100720074006900740069006F006E0000000000000000009AE46A7CC1260000EA113C27FA7F0000090000000000000001000000000000000000D012000000000000400600000000020000000000000028732AC11FF8D211BA4B00A0C93EC93BB06A6BD681E41D4CA3B9CD12F12570F700000000000000804500460049002000730079007300740065006D00200070006100720074006900740069006F006E000000000000000000000000000000000000000000000000000000000000000000010000000000000000001019000000000000000800000000030000000000000016E3C9E35C0BB84D817DF92DF00215AE939D5ACC01EDF948B355D70EA2CD61CA00000000000000804D006900630072006F0073006F0066007400200072006500730065007200760065006400200070006100720074006900740069006F006E0000000000000000000000000000000000010000000000000000001021000000000000E01E1F0000000400000000000000A2A0D0EBE5B9334487C068B6B72699C7A3D297750444994FB9796233378A81BF00000000000000004200610073006900630020006400610074006100200070006100720074006900740069006F006E0000000000000000009AE46A7CC1260000EA113C27FA7F00000900000000000000",
    "MbrBytes": 0,
    "Mbr": "",
    "Vbr0Bytes": 0,
    "Vbr0": "",
    "Vbr1Bytes": 0,
    "Vbr1": "",
    "Vbr2Bytes": 0,
    "Vbr2": "",
    "Vbr3Size": 0,
    "Vbr3": ""
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline