OPERATING SYSTEMS Frans Sanen

- Analyze a FAT file system manually
  - FAT12: first and simplest version
    - Still used on smaller disks (e.g. floppies)
  - FAT16 & FAT32 as successors (essentially the same, but more complex)
    - De facto USB stick standard
- Resources
  - Microsoft's general overview of FAT
  - Links from the assignment

- Hex editor
  - Program that allows us to manipulate binary computer files
  - XVI-32
- ASCII table
  - 29#Tabel_van_ASCII-codes

- Verify the MD5 checksum of the image
  - Linux: md5sum
  - Windows
    - hksfv (via Google)

- Floppy Disk
- Directories
- FAT12
- Removing files


Structure of a FAT12 formatted floppy disk

| Position | Length | Contents |
|---|---|---|
| 0 | 1 | Boot sector |
| 1 | 9 | Fat 1 |
| 10 | 9 | Fat 2 |
| | | Root directory |
| | | Data |

- Sector size is 512 B or ½ KB
- 2880 sectors in total (= )
  - 2880 * 1/2 KB = 1440 KB = 1,4 MB
- Fat 2 is a copy of Fat 1
- Root directory contains the directory entries

- Isolate the different parts of the floppy image (fat12.img) by using a hex editor
- Find the (hexadecimal) start address of every part


- A directory in FAT12 is a sequence of file descriptions
- Every file description consists of 32 bytes

Note: a hexadecimal digit is a quick way to write 4 binary digits

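| Position | Length | Contents |
|---|---|---|
| 0 | 8 | Name |
| 8 | 3 | Extension |
| 11 | 1 | Attribute |
| 12 | 10 | Reserved |
| 22 | 2 | Time |
| 24 | 2 | Date |
| 26 | 2 | First cluster |
| 28 | 4 | File size |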

- Name: first 8 bytes
  - Can be looked up in the ASCII table
  - Spaces are used as padding

TEST____


- Extension: next 3 bytes
  - Can be looked up in the ASCII table
  - Spaces are used as padding

DD_

- Attribute: kept in a bit vector
- Little endian byte order: least significant byte first
  - E.g. 4A 3B 2C 1D (hexadecimal) is stored as 1D 2C 3B 4A

| Bit | Meaning |
|---|---|
| 0 | read-only |
| 1 | hidden |
| 2 | system file |
| 3 | volume label |
| 4 | subdir |
| 5 | archive |
| 6 | / |
| 7 | / |

- Attribute: 12th byte
  - 20 hexadecimal
  - 32 decimal
  - in bits (little endian)

Hence... archive!

- Reserved: next 10 bytes
  - Creation time and date
  - Last accessed

- Time: next 2 bytes (after reserved part)
  - 851b → 1b85
  - 1b = 27 =
  - 85 = 133 =
  - So:

- Hours: 5 bits
  - or 3
- Minutes: 6 bits
  - : 28
- Seconds: 5 bits (only even seconds!)
  - 00101: 5 → 10

So... 3h 28m 10s

- Date: next 2 bytes (after time)
  - 5a33 → 335a
  - 33 = 51 =
  - 5a = 90 =
  - So:

- 7 bits for the number of years since 1980
  - : 25
- 4 bits for the month
  - 1010: 10
- 5 bits for the day
  - 11010: 26

So... October 26, 2005

- First cluster: next 2 bytes (after date)
  - Sequence number of the first cluster of the file
  - 0300 → 0003 (hexadecimal)
  - So: cluster 3

- File size: last 4 bytes
  - B → b0
  - So: 1200 bytes
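The field-by-field decoding walked through above, as an added Python example that is not part of the original slides. The sample entry is constructed from the values the slides state (TEST, DD, attribute 20, time 85 1b, date 5a 33, first cluster 03 00, size 1200 bytes); the 10 reserved bytes are assumed to be zero.

```python
import struct

# Attribute bit positions as listed in the slides' table (bits 6 and 7 are unused).
ATTRIBUTES = ["read-only", "hidden", "system file", "volume label", "subdir", "archive"]

def parse_dir_entry(raw: bytes) -> dict:
    """Decode one 32-byte FAT12 directory entry."""
    if len(raw) != 32:
        raise ValueError("a directory entry is exactly 32 bytes")
    # '<' = little endian: 8s name, 3s extension, B attribute, 10x reserved,
    # H time, H date, H first cluster, I file size (8+3+1+10+2+2+2+4 = 32).
    name, ext, attr, time, date, cluster, size = struct.unpack("<8s3sB10xHHHI", raw)
    return {
        "name": name.decode("ascii", "replace").rstrip(" "),   # strip space padding
        "ext": ext.decode("ascii", "replace").rstrip(" "),
        "attributes": [a for bit, a in enumerate(ATTRIBUTES) if (attr >> bit) & 1],
        "hour": time >> 11,                 # top 5 bits
        "minute": (time >> 5) & 0x3F,       # middle 6 bits
        "second": (time & 0x1F) * 2,        # low 5 bits count 2-second steps
        "year": 1980 + (date >> 9),         # top 7 bits: years since 1980
        "month": (date >> 5) & 0x0F,        # middle 4 bits
        "day": date & 0x1F,                 # low 5 bits
        "first_cluster": cluster,
        "size": size,
    }

# Constructed sample entry built from the values in the slides (reserved bytes assumed zero).
SAMPLE_ENTRY = (b"TEST    " + b"DD " + bytes([0x20]) + bytes(10)
                + bytes.fromhex("851b 5a33 0300 b0040000"))

if __name__ == "__main__":
    for field, value in parse_dir_entry(SAMPLE_ENTRY).items():
        print(f"{field:14} {value}")
```
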

- Interpret the following directory entry
- Visualize the contents of the root directory of fat12.img by giving the name, size and date of each entry.

5a b c a a


- A directory entry contains the cluster where the file starts (the first cluster value is a FAT index)
- FAT indexes 0 and 1 are unused, so
  - FAT index 3 matches data cluster 1
  - FAT index 240 matches data cluster 238
- The FAT gives us the other clusters that are potentially used by the file

- The FAT contains a 12-bit element for every cluster → FAT12
- So… 2 FAT elements can be saved in 3 bytes
- E.g. AB CD EF contains both DAB and EFC (AB CD EF → BA DC FE → DAB and EFC)

| Value | Meaning |
|---|---|
| 000 | Free cluster |
| 002-FEF | Used cluster + value pointing to next cluster |
| FF0-FF6 | Reserved |
| FF7 | Bad cluster |
| FF8-FFF | Used cluster + last cluster of file |

- F0 FF FF F0 FF becomes (FOF FFF) FFF or clusters 3, 4 and 5 are in use (cluster 2 is free)
- Remember the file size of 1200 bytes? Now we know that the file is stored in 3 clusters: (3 x 512) – 1200 = 336 bytes of slack space (i.e. space lost to internal fragmentation)

- Clusters 3, 4 and 5 match data blocks 1, 2 and 3
- How to find where a data block starts?
  - Start address of the data blocks: 4200 (H)
  - Data cluster 1 starts after 1 x 512 bytes or 200 (H)

Hence, 4400 is the hexadecimal start address.
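The FAT12 steps above (unpacking 12-bit elements, following the chain, locating the data blocks and measuring slack), as an added Python example that is not part of the original slides. The sample FAT is constructed to match the situation described (cluster 2 free, clusters 3, 4 and 5 in use) and is not taken from fat12.img; the data start address 4200 (H) and the 512-byte cluster size come from the slides.

```python
SECTOR = 512          # bytes per sector; one cluster is one sector on this floppy
DATA_START = 0x4200   # start address of the data blocks, as given in the slides

def fat12_entry(fat: bytes, index: int) -> int:
    """Return the 12-bit FAT element at `index` (two elements share 3 bytes)."""
    offset = index + index // 2                  # index * 1.5, rounded down
    if offset + 1 >= len(fat):
        raise ValueError(f"FAT index {index} lies outside the table")
    pair = fat[offset] | (fat[offset + 1] << 8)  # little endian 16-bit read
    return pair >> 4 if index & 1 else pair & 0xFFF

def cluster_chain(fat: bytes, first: int) -> list:
    """Follow the chain from a directory entry's first cluster to end of file."""
    chain, cluster = [], first
    while True:
        if not 0x002 <= cluster <= 0xFEF:        # free, reserved or bad value
            raise ValueError(f"chain reaches non-data value {cluster:03X}")
        if cluster in chain:
            raise ValueError(f"chain loops back to cluster {cluster}")
        chain.append(cluster)
        nxt = fat12_entry(fat, cluster)
        if nxt >= 0xFF8:                         # FF8-FFF: last cluster of file
            return chain
        cluster = nxt

def cluster_address(cluster: int) -> int:
    """Byte address in the image; FAT index 2 is the first data block."""
    return DATA_START + (cluster - 2) * SECTOR

def slack_bytes(file_size: int, chain: list) -> int:
    """Unused bytes after the end of the file in its last cluster."""
    return len(chain) * SECTOR - file_size

# Constructed sample FAT (not bytes from fat12.img): cluster 2 free, 3 -> 4 -> 5 -> end.
SAMPLE_FAT = bytes.fromhex("F0FFFF 004000 05F0FF")

if __name__ == "__main__":
    chain = cluster_chain(SAMPLE_FAT, 3)
    print(chain, [hex(cluster_address(c)) for c in chain], slack_bytes(1200, chain))
```

A chain that reaches a free, reserved or bad value, or that loops, raises an error instead of returning a partial file, which is the case to expect when working on a damaged or tampered image.
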

- Find all clusters of the file sum.xls on fat12.img and reconstruct the file


- Find out what happens when a file is removed. How can you see this on the floppy?
- Is it possible to undelete a file? How? If yes, are there limitations?