CYBER FORENSICS - FILE SYSTEMS - PART 1

Hi guys! It's been a while since my last post. In my last posts I discussed how to dig some useful and interesting information
out of the Windows registry. Now I'm going to introduce you to filesystems.




You may be wondering: what is a filesystem?

It is a data structure that an operating system uses to keep track of disk partitions.

I will briefly discuss Windows and Linux filesystems. Knowledge of file systems is necessary for a
cyber forensics expert, as it can help in investigations. My upcoming posts will be on filesystems: their definitions, their structure
and the practical application of file system knowledge in cyber crime investigations. In this first section I will give a theoretical
explanation of both Windows and Linux file systems.

First, let us discuss Windows file systems.


Windows has two types of file system available in its operating systems.
They are listed below:

a) FAT

b) NTFS


FAT:-

FAT stands for File Allocation Table. It was used in earlier versions of Windows operating systems,
such as MS-DOS and Windows 98. It began as a 12-bit file system called FAT12 and later grew into a 32-bit file system
called FAT32. FAT has three flavours, FAT12, FAT16 and FAT32, depending on the amount of space that the file system
can address in each partition. The structures on the physical disk are common to all FAT file systems. The FAT32 system keeps
a backup of its file records in a backup Master File Table (MFT) called $MFTMirr.


NTFS:-

NTFS stands for NT Filesystem, which is present in Windows NT and later versions. It is more complex than the FAT file system.
It provides a multi-user environment with file-level permissions and more security. To keep track of the contents of the partitions,
NTFS uses the MFT (Master File Table). Filenames, attributes and MAC times are stored in the MFT by the system when a
file is accessed by the user.

In my next post I will discuss the Linux file systems.
