Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.


File Allocation Table (FAT)
The FAT file system is a simple file system.
The File Allocation Table resides at the start of the volume
Duplicate copy maintained for recovery
In the FAT file system space is allocated in clusters.
The size of the default cluster is determined by the size of the volume
The cluster number must fit in 16 bits and be a power of 2.
Volume layout: Partition Boot Sector | FAT-1 | FAT-2 (duplicate) | Root Folder | Other folders and files

File Allocation System
Uses a File Allocation Table to organize the file system and keep track of cluster usage
Two copies of the FAT are kept (in older versions of FAT, adjacent to each other, in the same cluster)
Files are given the first available cluster in the partition
Also uses folders to indicate where in the FAT the info for a file may be

File Allocation Table Information
Information on clusters
  – Unused 0x0000 (free)
  – Cluster in use by a file
  – Bad cluster (0xFFF7)
  – Last cluster in a file (0xFFF8-0xFFFF)
If a file consists of multiple clusters then the end of the first cluster contains a link to the next cluster in the file.
Example: [figure not preserved]

Three Necessary System Files
Besides the FAT, MBR, and partition tables, a bootable disk needs:
  – IO.SYS, MSDOS.SYS, COMMAND.COM
IO.SYS
  – Low-level drivers to communicate with BIOS
  – First entry in root directory and first cluster
MSDOS.SYS
  – Disk handling routines
  – Second entry in root directory, no position requirements
COMMAND.COM
  – DOS command processor or user interface

System Files
format /S
  – Puts these system files onto the disk to make it bootable and positions them correctly
DOS 6.x removed the required positioning of IO.SYS and MSDOS.SYS
Windows 95 replaced them with one file, WINBOOT.SYS

FAT Root Folder
Root folder contains an entry for each file and folder on the root
At a fixed location
Fixed size: 512 entries for a hard disk
Other folders contain similar entries but can be anywhere on the disk and have unlimited (relatively) entries
Cannot be deleted – anchors the file system

FAT Folder Structure
Folder entries include
  – Name (8+3 characters)
  – Attribute byte
  – Creation time
  – Creation date
  – Last access date
  – Last modified time
  – Last modified date
  – Starting cluster number in the file allocation table (16 bits)

FAT Filenames
Old 8+3 names, eight bits for the name, three bits for the extension

VFAT
Longer names are supported but backward FAT compatibility is maintained in VFAT
Example of conversion and storage
  – “The quick brown.fox” – 15 + extension
  – “THEQUI~1.FOX” made-up name
Unicode: 2 bytes for each character in the long name
Windows sets the volume, read-only, system, and hidden attributes on long filename entries so that backward-compatible software ignores these fields

File Attributes
Voluntary
Stored in a single byte (only uses 6 bits)
  – Read-Only
  – Hidden
  – System
  – Volume Label
  – Directory
  – Archive

VFAT Long Filename Storage

File Deletion
Places hex byte code “E5h” into the first letter of the file name of the file entry in the folder that contains it
Just marks files for deletion and frees up clusters in FAT
If you are quick enough and no files have overwritten it, you can recover it
Search a hard drive and slack for “E5h”
  – Can even find deleted folders
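
The folder-entry fields, the attribute byte, VFAT long-name entries and the E5h deletion marker from the slides above, handled together in one parser. This is an added example, not part of the original lecture: the byte offsets are the standard 32-byte FAT folder-entry layout, and parse_dir, the builder helpers and the sample folder are constructed for illustration.

```python
import struct

# Attribute bits in the order the slide lists them (bit 0 = Read-Only).
ATTRS = ["Read-Only", "Hidden", "System", "Volume Label", "Directory", "Archive"]
LFN = 0x0F  # volume + read-only + system + hidden: marks a long-name entry

def fat_date(d):
    return f"{1980 + (d >> 9)}-{(d >> 5) & 0xF:02d}-{d & 0x1F:02d}"

def parse_dir(raw):
    """Parse 32-byte folder entries, keeping those marked deleted (0xE5)."""
    out, lfn = [], []
    for off in range(0, len(raw) - 31, 32):
        e = raw[off:off + 32]
        if e[0] == 0x00:                      # never-used entry: end of folder
            break
        if e[11] == LFN:                      # on disk the last fragment comes first
            text = (e[1:11] + e[14:26] + e[28:32]).decode("utf-16-le")
            lfn.insert(0, text.split("\x00")[0])
            continue
        deleted = e[0] == 0xE5
        name = e[0:8].decode("ascii", "replace").rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        if deleted:
            name = "?" + name[1:]             # first character was overwritten
        mdate, start, size = struct.unpack_from("<HHI", e, 24)
        out.append({"name": name + ("." + ext if ext else ""),
                    "long_name": "".join(lfn) or None, "deleted": deleted,
                    "attrs": [a for i, a in enumerate(ATTRS) if e[11] >> i & 1],
                    "modified": fat_date(mdate), "start_cluster": start, "size": size})
        lfn = []
    return out

# --- constructed sample folder (not from a real disk image) ---
def short_entry(name, ext, attr, mdate, start, size):
    return struct.pack("<8s3sB10xHHHI", name, ext, attr, 0, mdate, start, size)

def lfn_entry(seq, text):                     # checksum byte left at 0 in this sample
    u = (text + "\x00").encode("utf-16-le").ljust(26, b"\xff")[:26]
    return bytes([seq]) + u[:10] + bytes([LFN, 0, 0]) + u[10:22] + b"\x00\x00" + u[22:]

D = (23 << 9) | (6 << 5) | 17                 # 2003-06-17
GONE = [lfn_entry(0x42, "wn.fox"), lfn_entry(0x01, "The quick bro"),
        short_entry(b"THEQUI~1", b"FOX", 0x20, D, 5, 300)]
SAMPLE_DIR = (short_entry(b"README  ", b"TXT", 0x20, D, 2, 1200)
              + b"".join(b"\xe5" + x[1:] for x in GONE) + bytes(32))

if __name__ == "__main__":
    for entry in parse_dir(SAMPLE_DIR):
        print(entry)
```

In the deleted entry the short name has lost its first character, but the long-name entries still give the full name, because E5h overwrites their sequence byte rather than a name character.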

FAT Problems
Cross-linked files: files appearing to use the same clusters because of an error in the FAT
Lost cluster: cluster marked as ‘in use’ in the FAT, but there is no corresponding folder entry
Invalid files or directories:
  – No pointer to parent directory “..”
  – Invalid start cluster
  – Invalid date (buggy software)
Allocation or FAT errors: entries in FAT get set to invalid values
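
A consistency check for the problems listed above, using the entry values from the "File Allocation Table Information" slide and treating each in-use FAT entry as the number of the next cluster in the file. This is an added example, not part of the original lecture: walk_chain, check_fat and the 16-entry sample FAT are constructed for illustration.

```python
# Entry values from the slide (FAT16).
FREE, BAD, EOC_MIN = 0x0000, 0xFFF7, 0xFFF8

def walk_chain(fat, start):
    """Follow one file's cluster chain; return (clusters, error or None)."""
    chain, cur = [], start
    while True:
        if cur < 2 or cur >= len(fat):          # clusters 0 and 1 are reserved
            return chain, f"invalid cluster {cur:#06x}"
        if cur in chain:
            return chain, f"loop at cluster {cur}"
        chain.append(cur)
        nxt = fat[cur]
        if nxt >= EOC_MIN:                      # last cluster in the file
            return chain, None
        if nxt in (FREE, BAD):
            return chain, f"cluster {cur} links to a free or bad entry"
        cur = nxt

def check_fat(fat, files):
    """files maps a folder entry's name to its starting cluster."""
    owner, cross, errors = {}, {}, {}
    for name, start in files.items():
        chain, err = walk_chain(fat, start)
        if err:
            errors[name] = err
        for c in chain:
            if c in owner:                      # cluster already claimed: cross-link
                cross.setdefault(c, {owner[c]}).add(name)
            else:
                owner[c] = name
    lost = [c for c in range(2, len(fat))       # in use, but no folder entry reaches it
            if fat[c] not in (FREE, BAD) and c not in owner]
    return {"cross_linked": cross, "lost": lost, "errors": errors}

# Constructed 16-entry FAT (not from a real volume); index = cluster number.
SAMPLE_FAT = [0xFFF8, 0xFFFF,       # entries 0 and 1 are reserved
              3, 4, 0xFFFF,         # A.TXT: 2 -> 3 -> 4 (end)
              6, 3,                 # B.TXT: 5 -> 6 -> 3, running into A.TXT's chain
              0xFFF7,               # 7: bad cluster
              9, 0xFFFF,            # 8 -> 9 (end): no folder entry points here
              0, 0, 0, 0, 0, 0]     # 10-15: free
SAMPLE_FILES = {"A.TXT": 2, "B.TXT": 5, "C.TXT": 0}   # C.TXT: invalid start cluster

if __name__ == "__main__":
    print(check_fat(SAMPLE_FAT, SAMPLE_FILES))
```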

NTFS Basics
The Windows NT file system is NTFS
NTFS is designed for high performance on very large hard disks (read, write and file-system recovery)
Formatting a volume with the NTFS file system results in:
  – Master File Table (MFT)
  – System Files
Formatted NTFS volume layout: Partition Boot Sector | Master File Table | System Files | File Area

NTFS
Includes:
  – Security features
  – Data access control – permissions on files and folders
  – Folders can be shared
Basically everything on the volume is a file
  – Even file system metadata (info about file system itself)
Everything in a file is an attribute:
  – Data attribute
  – Security attribute
  – File name attribute
New features
  – Encryption, disk quotas, sparse files, reparse points, distributed link tracking

NTFS Partition Boot Sector
BIOS Parameter Block
  – Information on volume layout similar to FAT
  – File system structures
Code
  – How to find code that loads operating system
  – On NT points to and loads NTLDR
Duplicate boot sector located in the logical middle of the volume

NTFS System Files
First 16 records in MFT contain metadata:
  – 0: Master File Table (MFT)
  – 1: Master File Table2 – a mirror of first 3 records
  – 2: Log File – list of transaction steps for NTFS recovery
  – 3: Volume – volume name, NTFS version, other volume information
  – 4: Attribute Definition Table – table of attribute names, numbers, and descriptions
  – 5: Root Filename Index

NTFS System Files (2)
  – 6: Cluster Bitmap – bitmap of clusters in use
  – 7: Partition Boot Sector – if bootable, bootstrap code
  – 8: Bad Cluster File – locations of bad clusters
  – 9: Security File – security descriptors for all files in volume
  – 10: Upcase Table – lowercase to Unicode uppercase
  – 12: NTFS Extension File – optional extensions like quotas, reparse point data, object identifiers
  – 12-15: are reserved for future use

NTFS Master File Table
MFT: a database that contains info on every file in an NTFS volume
Small files are stored entirely in MFT (< 1500 bytes)
Large files are referred to with pointers
Small directories are stored in the MFT
Large directories point to clusters where their directory entries are stored

NTFS File Attributes
Attributes residing entirely in MFT are said to be resident attributes
  – File name and timestamp attributes are always resident
Nonresident attributes are stored in clusters elsewhere on the volume, and the Attribute List attribute contains their locations

File Attribute Definitions
Standard Information: time stamps, link counts, etc.
Attribute List – location of nonresident attributes
Filename
  – short (8.3, case insensitive)
  – long (255 Unicode characters)
Security Descriptor – owner and access rights
Data
  – Has one unnamed data attribute
  – Can have multiple named data attributes (think ADS)
Object ID – a volume-unique file identifier for distributed link tracking service

File Attribute Definitions
Logged Tool Stream – like data stream, but changes are logged to NTFS Log File like metadata changes
Reparse Point – used for volume mount points
Index Root – implements folders and indexes
Index Allocation – implements folders and indexes
Bitmap – map of records in use in MFT or folder
Volume Information – volume version for $Volume system file
Volume Name – volume label for $Volume system file
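
How the resident/nonresident distinction and named data attributes show up when one MFT record is walked attribute by attribute. This is an added example, not part of the original lecture: the header offsets are the standard NTFS record and attribute layouts, while parse_record, the builder helpers and the sample record are constructed for illustration.

```python
import struct

# Attribute type codes for some of the attributes the slides list.
TYPES = {0x10: "Standard Information", 0x20: "Attribute List", 0x30: "Filename",
         0x40: "Object ID", 0x50: "Security Descriptor", 0x80: "Data"}

def parse_record(rec):
    """Walk one MFT record's attribute headers (fixups assumed already applied)."""
    if rec[:4] != b"FILE":
        raise ValueError("not an MFT record")
    off, flags = struct.unpack_from("<HH", rec, 20)    # first attribute, record flags
    attrs = []
    while off + 16 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF or alen < 16:           # end marker or corrupt length
            break
        nonres, nlen, noff = struct.unpack_from("<BBH", rec, off + 8)
        name = rec[off + noff:off + noff + 2 * nlen].decode("utf-16-le")
        # Resident: value length is in the header and the value follows it.
        # Nonresident: header holds the real size; the data lives in clusters.
        size = struct.unpack_from("<Q" if nonres else "<I", rec, off + (48 if nonres else 16))[0]
        attrs.append({"type": TYPES.get(atype, hex(atype)), "name": name,
                      "resident": not nonres, "size": size})
        off += alen
    return {"in_use": bool(flags & 1), "attributes": attrs}

# --- builders for a constructed record (values are placeholders, not real metadata) ---
def attr(atype, name="", value=None, size=0):
    n = name.encode("utf-16-le")
    if value is None:      # nonresident: 64-byte header, name, empty run list
        hdr = struct.pack("<BBHHHQQHHIQQQ", 1, len(name), 64, 0, 0,
                          0, 0, 64 + len(n), 0, 0, size, size, size)
        body = n + b"\x00"
    else:                  # resident: 24-byte header, name, then the value itself
        hdr = struct.pack("<BBHHHIHH", 0, len(name), 24, 0, 0, len(value), 24 + len(n), 0)
        body = n + value
    total = -(-(8 + len(hdr) + len(body)) // 8) * 8    # attributes are 8-byte aligned
    return (struct.pack("<II", atype, total) + hdr + body).ljust(total, b"\x00")

def record(attrs, in_use=True):
    hdr = struct.pack("<4s16xHH", b"FILE", 56, int(in_use)).ljust(56, b"\x00")
    return (hdr + b"".join(attrs) + b"\xff" * 4).ljust(1024, b"\x00")

SAMPLE_RECORD = record([
    attr(0x10, value=bytes(48)), attr(0x30, value=bytes(84)),
    attr(0x80, size=5_000_000),                        # unnamed data, too big for the MFT
    attr(0x80, name="hidden", value=b"secret stream"), # named data attribute (ADS)
])

if __name__ == "__main__":
    for a in parse_record(SAMPLE_RECORD)["attributes"]:
        print(a)
```

The named Data attribute is how an alternate data stream appears in the record; it is resident here because its value is small.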

Review Homework 1