File system and file structures

Slides:



Advertisements
Similar presentations
Chapter 12: File System Implementation
Advertisements

More on File Management
Concepts about the file system 2. The disk structure 3. Files in disk – The ext2 FS 4. The Virtual File System (c) 2013, Prof. Jordi Garcia.
Free Space and Allocation Issues
File Systems.
File Systems Examples.
Ext2/Ext3 Linux File System Reporter: Po-Liang, Wu.
File System Analysis.
File System Basics Brandon Checketts. Some terminology Superblocks Inodes Journaling Hard links Symbolic links Directory entries.
Day 27 File System. UNIX File Management Types of files Ordinary – stream of bytes Directory – list of names plus pointers to attributes of the entry.
Operating Systems File Systems CNS 3060.
CS4513 Distributed Computer Systems Review. What is a file descriptor? –What information must it contain? –What information might it contain?
Operating Systems File Systems (in a Day) Ch
Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.
CS 333 Introduction to Operating Systems Class 18 - File System Performance Jonathan Walpole Computer Science Portland State University.
Project 3: File System Design COS318 Fall Last Time Web Server Extensive use of a file system on server machine without actually worrying about.
Wince File systems. File system on embedded File system choice on embedded is important –File system size can be an issue –Different media are used –
Chapter 40 File System Implementation
Ext* Content Areas Inodes, Directories & Files. Review Recall …the file system metadata The superblock describes the file system The group descriptor.
Laksh mi.  fdisk is an interactive utility to manipulate disk partitions.  Use fdisk –l to review the disks and partitions on the system.  Use fdisk.
Files & Partitions BACS 371 Computer Forensics. Data Hierarchy Computer Hard Disk Drive Partition File Physical File Logical File Cluster Sector Word.
F ILE S YSTEMS comparison of FAT, NTFS, and Linux.
BACS 371 Computer Forensics
New Technologies File System
Mastering Windows Network Forensics and Investigation Chapter 7: Windows File Systems.
BACS 371 Computer Forensics
Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems David Goldschmidt, Ph.D.
1Fall 2008, Chapter 11 Disk Hardware Arm can move in and out Read / write head can access a ring of data as the disk rotates Disk consists of one or more.
Mastering Windows Network Forensics and Investigation Chapter 7: Windows File Systems.
Computer Forensics COEN 252.  File systems can be extent-based ◦ E.g. NTFS ◦ Storage space is allocated in extents, large sets of contiguous blocks ◦
Bits, Bytes, Files, Hard Drives. Bits, Bytes, Letters and Words ● Bit – single piece of information ● Either a 0 or a 1 ● Byte – 8 bits of information.
Windows NTFS Introduction to Operating Systems: Module 15.
1 Interface Two most common types of interfaces –SCSI: Small Computer Systems Interface (servers and high-performance desktops) –IDE/ATA: Integrated Drive.
ENGI 3655 Lab Sessions 1Richard Khoury.  Linked Allocation ◦ Section Richard Khoury2.
Chapter 5 File Management File System Implementation.
1 File Systems: Consistency Issues. 2 File Systems: Consistency Issues File systems maintains many data structures  Free list/bit vector  Directories.
File Storage Organization The majority of space on a device is reserved for the storage of files. When files are created and modified physical blocks are.
Files & File system. A Possible File System Layout Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved
Project 6 Unix File System. Administrative No Design Review – A design document instead 2-3 pages max No collaboration with peers – Piazza is for clarifications.
Ext2/Ext3 Linux File System Reporter: Po-Liang, Wu.
CS333 Intro to Operating Systems Jonathan Walpole.
UNIX File System (UFS) Chapter Five.
FAT File Allocation Table
Lecture 10 Page 1 CS 111 Summer 2013 File Systems Control Structures A file is a named collection of information Primary roles of file system: – To store.
Linux File system Implementations
© Janice Regan, CMPT 300, May CMPT 300 Introduction to Operating Systems File systems.
File Systems Topics Design criteria History of file systems Berkeley Fast File System Effect of file systems on programs fs.ppt CS 105 “Tour of the Black.
Chapter 6 File Systems. Essential requirements 1. Store very large amount of information 2. Must survive the termination of processes persistent 3. Concurrent.
Lecture 19 Linux/Unix – File System
Lecture 20 FSCK & Journaling. FFS Review A few contributions: hybrid block size groups smart allocation.
NTFS Filing System CHAPTER 9. New Technology File System (NTFS) Started with Window NT in 1993, Windows XP, 2000, Server 2003, 2008, and Window 7 also.
Review CS File Systems - Partitions What is a hard disk partition?
File System Lab. ext2 file system layout The layout of the system:
1 The File System. 2 Linux File System Linux supports 15 file systems –ext, ext2, xia, minix, umsdos, msdos, vfat, proc, smb, ncp, iso9660, sysv, hpfs,
W4118 Operating Systems Instructor: Junfeng Yang.
File Systems and Disk Management
Day 28 File System.
File-System Management
EXT in Detail High-Performance Database Research Center
Jonathan Walpole Computer Science Portland State University
Today topics: File System Implementation
Chapter 11: File System Implementation
Chapter 12: File System Implementation
Day 27 File System.
File System Structure How do I organize a disk into a file system?
File Systems and Disk Management
An overview of the kernel structure
FILE SYSTEM ANALYSIS Dr Fudong Li
Disk Structure Analysis
FAT File System.
Presentation transcript:

File system and file structures Ext2 & Ext3 File Systems File system and file structures

Three+ Optional Feature Categories Compatible features OS can mount even if it doesn’t support these Incompatible features The OS shouldn’t mount if it doesn’t support these Read-only compatible features Should mount as read-only if not supported Experimental features Can be anything added to the kernel

Structures File System Files and Directories Superblock describes the file system Group descriptor describes a block group Block groups are consecutive sectors that store … Files and Directories Directory entry points to an inode in the inode table Inode table stores inode pointers An inode describes a directory or file or contains the data

The Superblock 2 sectors (1024 bytes) that describe the file system Volume label Block size # blocks per group # reserved blocks before the 1st block group The superblock block group number Count of free inodes & blocks (total all groups) An Ext* block is similar to a FAT* cluster

Superblock Locations 1st superblock is1024 bytes past the beginning of the file system Copies of the superblock are in the first block of each block group Read-only compatible Sparse superblock  not all block groups backup the superblock The default

Group Descriptor Table Stores The group descriptors One for each block group Starting block addresses block bitmap inode bitmap inode table Count of free inodes & blocks for the group Located in the block after the superblock Backup copies are in the same block groups as the superblock backups

Block Group Layout Boot sectors (2) may precede the superblock (1st block group) Backup Super Block Group Desc Table Block Bitmap Inode Bitmap Inode Table File Content

Block Bitmap One bit per block in the group  size = #blocks / 8 Linux creates a block group to have as many blocks as there are bits in a block Thus, a block bitmap is always 1 block in size Tracks block allocation for the group

Inode Bitmap Tracks the allocation of inodes in the group Size = #inodes per group / 8 Size defined at file system creation Typically fewer inodes than blocks per group

Inode Table Size = # inodes * 128 bytes (inode size) Inodes contain file and directory metadata Directory has file/directory name and pointer to inode in the table Inode points to the file content blocks

File System Analysis Size = block size * #blocks Features If < volume size  volume slack hidden data? Features Read-only compatible Sparse superblock  not all blocks backup the superblock The default

Superblock Analysis Always 1024 bytes from start of file system 1st 1024 reserved for boot code hidden data? Crucial, since it describes the key file system data structures Superblock signature: 0xEF53 in bytes 56 & 57 Backup copies  equally spaced signatures Sparse superblock feature  not in every group Features flags indicate special features Lots of free space in superblock Hidden data?

Finding Superblock Copies (I) sigfind -0 56 –l ef53 disk-8.dd Block size: 512 Offset: 56 Block: 298661 (-) Block: 315667 (+17016) Block: 353313 (+37636) Block: 377550 (+24237) Distances aren’t powers of two & they aren’t evenly spaced  don’t appear to be superblock copies Example from “File System Forensic Analysis”, Brian Carrier, Addison-Wesley, 2005

Finding Superblock Copies (II) [deleted a lot here] Block: 2056322 (+274327) Block: 2072706 (+16384) Block: 2105474 (+32768) Block: 2138242 (+32768) Block: 2171010 (+32768) Block: 2203778 (+32768) Looks like superblock is in sector 2056322

Finding Superblock Copies (III) Distances aren’t powers of two & they aren’t evenly spaced  don’t appear to be superblock copies

Ext 2 vs. Ext 3 Inter-compatible Ext3 adds journaling for consistency Ext2 converts to Ext3 Ext3 can be read by Ext2 Ext3 adds journaling for consistency Journal is a small, circular area written before writing to the disk After crash, read the journal to ensure all write operations were completed Redo any that were not completed

Finding Superblock Copies (IV) [deleted a lot here] Block: 2278273 (+2800) Block: 2281551 (+3278) Block: 2282617 (+1066) Block: 2314319 (+31702) Block: 2347087 (+32768) Block: 2379855 (+32768) Block: 2412623 (+32768) Seems like we might have some superblocks???

Effects of Journaling The superblock is journaled, just like any other data, when backup copies are made This creates a multitude of signatures in the journal We check the superblock copy and find It is from an Ext3 file system The block group number is 3 Thus, block group 0 must be 49,152 sectors earlier, at sector 2,265,167 just after the end of the prior file system

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.