File System Types

00:00

Welcome to everyday did your friend's ex. I'm your host, your son, you said, And I'll be guiding you through today's episode on file system types

00:09

before we step into today's episode. That's review logical expressions. Take a few moments to review the expressions and try to solve it.

00:19

So number one true and false gives you the value of false, false or false gives you another value. Falls

00:27

three.

00:28

False and true give you the value of falls. But when you not it, which is Thean version of it, you get true

00:35

a number four based on the truth tables you see

00:38

on the left side of screen,

00:40

you can see that zero is the same representation as falls on one is the same. Representation is true

00:47

When we not one, we get again zero and then zero or zero return zero.

00:52

And when you and the two zeros who had a value of their

00:57

the following videos were reviews several fouls system types, the focus of this module will be between

01:03

the fat file system and anti FS.

01:04

This video would give you an introduction to these two types

01:07

well, first, to find the fat follow system

01:11

examining an example of its structure

01:12

to find the anti FS fall system

01:15

and then do a forensics comparison between these two systems.

01:21

While this Monjo is solely focused on only NDFs in the fat file system, I like to take a moment to recognize the other foul systems out there.

01:30

Some of these systems are used in combination with the fact file system

01:34

and TFS or even the HFS in us, which is the Mac version.

01:41

These foul systems are used as either partitions within on operating systems that handle operational tasks, data or various operations, and Storch, such as the U. S. V is your flash drives or your CDs.

01:53

Lennox supports numerous file systems,

01:57

while Mac mainly uses the Apple fall system. The eight PFS

02:00

It was a replacement off you

02:04

HFS plus.

02:06

So the fat bowel system,

02:08

what is file allocation table? This is the breakdown over fat file system is the file Allocation table is a simple file system structure that was originally designed for small disk or very simple file structures. The file allocation table is a simple file system originally designed for small disk

02:29

or just simple file structures.

02:30

The name is based on its method organizations

02:35

on a resigns primarily at the beginning of the volume.

02:38

There's two copies of the

02:42

final indication that's kept,

02:44

and this way you're able to correlate between the two and and determine if one of them has become corrupted or damage.

02:50

So now, looking at the system structure, as I mentioned earlier, the file allocation table two copies of it, and it's located at beginning. The root folder itself is at a fixed location ists.

03:01

If you see in the top right corner,

03:04

you can see that as a fat file system. It's structured in the way that first, the partition boot structure.

03:12

Then you get your first file allocation table. The duplicate five location table.

03:17

Your root folder, which will go ahead and to find in the next video

03:22

on and for the rest of the storage face is just other folders and files. The fat file system is based on allocating into clusters

03:31

the defaults cluster sizes based on if you look at the bottom right corner, you see the differences between the puree versions of fat policies, and you have that 12 at 16 fat 32. The bits per cluster as you transition between the systems increase and so does the cluster size.

03:50

For the fat file system. The cluster number must fit within a 16 bit

03:54

and must be within the power of two. So that's the fat follow system novel into the NT FS file system.

04:01

So NDFs stands for new technology file system.

04:04

It was originally introduced by Marcus off in 1993 within the release of Windows NT 3.1. Currently, the Windows Server line of operating systems

04:15

primary use anti of us. It's supported both in Lenox on BSD for markets only supported as a read only

04:25

in permits between NT fs. In fact, file system is NT FS supports man's data and events. Data structures will go into this more as we define anti of us. And, of course, there's an elaborate security system based on access control lists, also known as A, C. L's and journaling with

04:44

within the file system

04:45

and if s could be primary found within Windows operating systems. So when you're performing forensics on an anti FS file system, your based around a Windows machine.

04:56

So how does NT FS work?

04:58

Everything in an TFS is a file. Everything about that file is stored in its attributes. We have data attributes, foul name attributes and security attributes. Each of these files has four timestamp attributes from create modification, access and entry modified.

05:14

Any object within an anti FS file system is defined as a file. And all those files can tell you. When I was created, when I was last modified, when I was last access

05:24

and when the entry itself was modified during the process of for many in the hard does, such as installing the operative system to your machine that this itself is divided into the partition. If you see in the bottom right corner, the partitions are split into the partition boot sector.

05:40

The Master Powell table, which will get in more to later videos, those system files and then the file areas. This is quite similar to how the follow system the fat house system was structured. Re hand your

05:53

partition tables. You're fat, you're fat, your route and then the general file areas feel s itself. Keep trucks of all the files that are stored in each partition. So the ah pretty system knows that the partition boot has I was X Y z the master who has follows ABC

06:10

in comparison to a fat file system of closer sized Mayberry from

06:14

152 bites to 64 kilobytes.

06:17

If it's the largest, then that means it's a larger cluster size doing any file creation, including directories. A record of that file is stored within the master file table. I hope you enjoyed today's election