Presentation is loading. Please wait.

Presentation is loading. Please wait.

Disk Structure Analysis

Published byBarbara McDaniel Modified over 6 years ago

Similar presentations

Presentation on theme: "Disk Structure Analysis"— Presentation transcript:

1 Disk Structure Analysis
DAT2343 Disk Structure Analysis Project 3 © Alan T. Pinck / Algonquin College; 2003

2 Project 3 Requirements See the complete requirements for this project under the Projects area for this course in Blackboard Determine specific structure information from an non-standard formatted diskette using DEBUG to analyze the boot sector. Locate a deleted file in a deleted directory by tracing through directory entries.

3 DEBUG Sector Level Read
DEBUG Command: Lmmmm d s n where mmmm is the (offset) memory address to where the sector(s) are to be copied d is the disk drive number (0=A: 1=B: …) s is the disk sector number (0 is the boot sector n is the number of sectors to read

4 Critical Boot Sector Entries
000B-C : bytes per sector 000D : sectors per allocation unit (file cluster) 0010h : number of copies of the FAT h : number of root directory entries (20h bytes per entry) h : number of sectors per copy of FAT h : number of sectors per track 001A-1Bh : number of tracks per cylinder (number of read/write heads)

5 Directory Entry Components
For “normal” 8.3 named files: bytes 0-7 : primary file name bytes 8-0A : extension byte 0B : attribute (see next slide) bytes 1A-1B : starting cluster bytes 1C-1F : file size (in bytes)

6 Directory Entries: Attributes
The attribute byte, within a file’s directory entry provides the following information (reading the bits from right to left): bit 0 : Read Only (if on) bit 1 : Hidden (if on) bit 2 : System (if on) bit 3 : Volume Label, not a real file (if on) bit 4 : Subdirectory (if on) bit 5 : Archive needed (if on) Note the special value of the attribute byte for long/extended file names (next slide)

7 Directory Entries: Long File Names
Long/Extended file names are stored in directory entries, but with a quite different format than “normal” file entries; the Attribute field for these extended file name entries is always 0F(hex) a value which would not make sense if interpreted normally. Extended file names are always followed by a “normal” (8.3) form for the same file and it is this 8.3 form which should be used for file analysis.

8 Directory Entries: Deleted Files
When a file is deleted, the first byte of the file name in the directory entry(ies) for this file is changed to a special code: E5(hex) and its FAT table entries are zeroed (indicating that the space is “free”). No other changes are made and, provided nothing else is changed on the disk, the file can be recovered (except for the first character of its name), since its first cluster number still points to a sector of the disk which contains the contents of the (deleted) file.

9 End of Lecture

Download ppt "Disk Structure Analysis"

Similar presentations

DAT2343 File Storage and Access © Alan T. Pinck / Algonquin College; 2003.

DAT2343 File Storage and Access © Alan T. Pinck / Algonquin College; 2003.
Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.

Chapter 4 Storing Information in a Computer Peter Nortons Introduction to Computers.
Chapter 12: File System Implementation

Chapter 12: File System Implementation
Windows File Systems CGS2564. Who Cares? C:\Documents\Taxes\Tax04.DOC.

Windows File Systems CGS2564. Who Cares? C:\Documents\Taxes\Tax04.DOC.
Operating Systems File Management.

Operating Systems File Management.
Chapter 4 : File Systems What is a file system?

Chapter 4 : File Systems What is a file system?
1 Week 11 FAT32 Boot Sector, Locating Files and Dirs Classes COP4610 / CGS5765 Florida State University.

1 Week 11 FAT32 Boot Sector, Locating Files and Dirs Classes COP4610 / CGS5765 Florida State University.
G53OPS Operating Systems Graham Kendall File Systems.

G53OPS Operating Systems Graham Kendall File Systems.
Chapter 10: File-System Interface

Chapter 10: File-System Interface
Ext2/Ext3 Linux File System Reporter: Po-Liang, Wu.

Ext2/Ext3 Linux File System Reporter: Po-Liang, Wu.
File System Analysis.

File System Analysis.
In this assignment you are going to read floppy disk. You can run ‘mdir’ Unix function to see what output your program should give. FAT-12 MS-DOS file.

In this assignment you are going to read floppy disk. You can run ‘mdir’ Unix function to see what output your program should give. FAT-12 MS-DOS file.
Day 29 File System.

Day 29 File System.
Digital Forensics Module 11 CS 996. 4/26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.

Digital Forensics Module 11 CS /26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.
11/13/01CS-550 Presentation - Overview of Microsoft disk operating system. 1 An Overview of Microsoft Disk Operating System.

11/13/01CS-550 Presentation - Overview of Microsoft disk operating system. 1 An Overview of Microsoft Disk Operating System.
Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.

Lecture 10: The FAT, VFAT, and NTFS Filesystems 6/17/2003 CSCE 590 Summer 2003.
Ceng Operating Systems

Ceng Operating Systems
Wince File systems. File system on embedded File system choice on embedded is important –File system size can be an issue –Different media are used –

Wince File systems. File system on embedded File system choice on embedded is important –File system size can be an issue –Different media are used –
Files & Partitions BACS 371 Computer Forensics. Data Hierarchy Computer Hard Disk Drive Partition File Physical File Logical File Cluster Sector Word.

Files & Partitions BACS 371 Computer Forensics. Data Hierarchy Computer Hard Disk Drive Partition File Physical File Logical File Cluster Sector Word.
1 Partitioning a Hard Drive ©Richard Goldman Revised January 8, 2001 Revised December 9, 2002.

1 Partitioning a Hard Drive ©Richard Goldman Revised January 8, 2001 Revised December 9, 2002.

Similar presentations

Ads by Google