Presentation is loading. Please wait.

Presentation is loading. Please wait.

COEN 252: Computer Forensics

Published bySebastian Ludvigsen Modified over 6 years ago

Similar presentations

Presentation on theme: "COEN 252: Computer Forensics"— Presentation transcript:

1 COEN 252: Computer Forensics
Unix File Systems

2 Unix File System Increasingly important
Linux MacOS X Bewildering variety on a laptop Linux versions Free BSD Open BSD Mac

3 Unix File Systems Almost everything is a file.
File has properties such as File type and access permissions. Link count. Ownership & group membership. Date and time of last modification. File name.

4 Unix File System Owners can change many of these data
Including modification time.

5 Unix File System Based on Inodes. More flexible than tables.

6 Inodes i_mode (directory IFDIR, block special file (IFBLK), character special file (IFCHR), or regular file (IFREG) i_nlink i_uid (user id) i_gid (group id) i_size (file size in bytes) i_addr (an array that holds addresses of blocks) i_mtime (modification time & date) i_atime (access time & date)

7 Inodes

8 Inodes

9 Unix File System Classical Unix used a file table to mediate between users and their open files. File table had references to the inodes of open files.

10 Unix File System On-Disk Layout.
Superblock contains data on the file system.

11 Unix File System

12 Unix File Systems First versions of Unix had a single file system.
Unix System V Release 3.0 introduced File System Switch architecture. No longer a tight coupling between kernel and file system.

13 Unix File Systems SunOS elaborated on this idea.
Clear split between file system-dependent and file system-independent kernel. Intermediary layer is the VFS / VOP / veneer layer. Allows disk file systems such as 4.2 BSD FFS, MS-DOS, NFS, RFS.

14 Unix File Systems Disk Layout not uniform.
Ext2 (Linux) file system layout.

15 Journaling File Systems
File systems use caching in order to speed up operations. An unclean dismount can leave the file system in an unclean state. Journaling file system can keep a log, so that they can simply replay the log in order to bring the file system into a consistent state.

16 Journaling File Systems
Log can contain Only records of changes to metadata. Records of changes to metadata and client data. New values of blocks. Research Effort. Not successfully implemented.

17 Journaling File Systems
ext3 (adds journal to ext2) for Linux JFS ReiserFS XFS

18 Journaling File Systems
Interesting opportunity for forensic investigation. Unfortunately, log entries get purged if too old.

Download ppt "COEN 252: Computer Forensics"

Similar presentations

Chapter 12: File System Implementation

Chapter 12: File System Implementation
Operating Systems Operating Systems - Winter 2009 Chapter 5 – File Systems Vrije Universiteit Amsterdam.

Operating Systems Operating Systems - Winter 2009 Chapter 5 – File Systems Vrije Universiteit Amsterdam.
Operating Systems Operating Systems - Winter 2011 Chapter 5 – File Systems Vrije Universiteit Amsterdam.

Operating Systems Operating Systems - Winter 2011 Chapter 5 – File Systems Vrije Universiteit Amsterdam.
UC Santa Barbara Project 3 Discussion Bryce Boe 2011/05/17 and 2011/05/20.

UC Santa Barbara Project 3 Discussion Bryce Boe 2011/05/17 and 2011/05/20.
File Systems Examples.

File Systems Examples.
Ext2/Ext3 Linux File System Reporter: Po-Liang, Wu.

Ext2/Ext3 Linux File System Reporter: Po-Liang, Wu.
File System Basics Brandon Checketts. Some terminology Superblocks Inodes Journaling Hard links Symbolic links Directory entries.

File System Basics Brandon Checketts. Some terminology Superblocks Inodes Journaling Hard links Symbolic links Directory entries.
File System – Unix baed. An entry of Active File table: 1. Access Right: r/w/x 2. Process Count: no. of processes which are now referring to the file.

File System – Unix baed. An entry of Active File table: 1. Access Right: r/w/x 2. Process Count: no. of processes which are now referring to the file.
CSE 451: Operating Systems Section 7 File Systems; Project 3.

CSE 451: Operating Systems Section 7 File Systems; Project 3.
File System Implementation CSCI 444/544 Operating Systems Fall 2008.

File System Implementation CSCI 444/544 Operating Systems Fall 2008.
File management in UNIX and windows 2000

File management in UNIX and windows 2000
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
File System Implementation

File System Implementation
7/15/2015B.RamamurthyPage 1 File System B. Ramamurthy.

7/15/2015B.RamamurthyPage 1 File System B. Ramamurthy.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
1Fall 2008, Chapter 11 Disk Hardware Arm can move in and out Read / write head can access a ring of data as the disk rotates Disk consists of one or more.

1Fall 2008, Chapter 11 Disk Hardware Arm can move in and out Read / write head can access a ring of data as the disk rotates Disk consists of one or more.
Computer Forensics COEN 252.  File systems can be extent-based ◦ E.g. NTFS ◦ Storage space is allocated in extents, large sets of contiguous blocks ◦

Computer Forensics COEN 252.  File systems can be extent-based ◦ E.g. NTFS ◦ Storage space is allocated in extents, large sets of contiguous blocks ◦
Files CS 470 - Spring 2002. Overview Example: FAT File System File Organization File System Organization –File Directories and File Sharing –Record Blocking.

Files CS Spring Overview Example: FAT File System File Organization File System Organization –File Directories and File Sharing –Record Blocking.
File System Implementation Chapter 12. File system Organization Application programs Application programs Logical file system Logical file system manages.

File System Implementation Chapter 12. File system Organization Application programs Application programs Logical file system Logical file system manages.
File Systems CSCI 4534. What is a file? A file is information that is stored on disks or other external media.

File Systems CSCI What is a file? A file is information that is stored on disks or other external media.

Similar presentations

Ads by Google