Welcome to everyday did your friend's ex. I'm your host, your son, you said, And I'll be guiding you through today's episode on file system types
before we step into today's episode. That's review logical expressions. Take a few moments to review the expressions and try to solve it.
So number one true and false gives you the value of false, false or false gives you another value. Falls
False and true give you the value of falls. But when you not it, which is Thean version of it, you get true
a number four based on the truth tables you see
on the left side of screen,
you can see that zero is the same representation as falls on one is the same. Representation is true
When we not one, we get again zero and then zero or zero return zero.
And when you and the two zeros who had a value of their
the following videos were reviews several fouls system types, the focus of this module will be between
the fat file system and anti FS.
This video would give you an introduction to these two types
well, first, to find the fat follow system
examining an example of its structure
to find the anti FS fall system
and then do a forensics comparison between these two systems.
While this Monjo is solely focused on only NDFs in the fat file system, I like to take a moment to recognize the other foul systems out there.
Some of these systems are used in combination with the fact file system
and TFS or even the HFS in us, which is the Mac version.
These foul systems are used as either partitions within on operating systems that handle operational tasks, data or various operations, and Storch, such as the U. S. V is your flash drives or your CDs.
Lennox supports numerous file systems,
while Mac mainly uses the Apple fall system. The eight PFS
It was a replacement off you
So the fat bowel system,
what is file allocation table? This is the breakdown over fat file system is the file Allocation table is a simple file system structure that was originally designed for small disk or very simple file structures. The file allocation table is a simple file system originally designed for small disk
or just simple file structures.
The name is based on its method organizations
on a resigns primarily at the beginning of the volume.
There's two copies of the
final indication that's kept,
and this way you're able to correlate between the two and and determine if one of them has become corrupted or damage.
So now, looking at the system structure, as I mentioned earlier, the file allocation table two copies of it, and it's located at beginning. The root folder itself is at a fixed location ists.
If you see in the top right corner,
you can see that as a fat file system. It's structured in the way that first, the partition boot structure.
Then you get your first file allocation table. The duplicate five location table.
Your root folder, which will go ahead and to find in the next video
on and for the rest of the storage face is just other folders and files. The fat file system is based on allocating into clusters
the defaults cluster sizes based on if you look at the bottom right corner, you see the differences between the puree versions of fat policies, and you have that 12 at 16 fat 32. The bits per cluster as you transition between the systems increase and so does the cluster size.
For the fat file system. The cluster number must fit within a 16 bit
and must be within the power of two. So that's the fat follow system novel into the NT FS file system.
So NDFs stands for new technology file system.
It was originally introduced by Marcus off in 1993 within the release of Windows NT 3.1. Currently, the Windows Server line of operating systems
primary use anti of us. It's supported both in Lenox on BSD for markets only supported as a read only
in permits between NT fs. In fact, file system is NT FS supports man's data and events. Data structures will go into this more as we define anti of us. And, of course, there's an elaborate security system based on access control lists, also known as A, C. L's and journaling with
within the file system
and if s could be primary found within Windows operating systems. So when you're performing forensics on an anti FS file system, your based around a Windows machine.
So how does NT FS work?
Everything in an TFS is a file. Everything about that file is stored in its attributes. We have data attributes, foul name attributes and security attributes. Each of these files has four timestamp attributes from create modification, access and entry modified.
Any object within an anti FS file system is defined as a file. And all those files can tell you. When I was created, when I was last modified, when I was last access
and when the entry itself was modified during the process of for many in the hard does, such as installing the operative system to your machine that this itself is divided into the partition. If you see in the bottom right corner, the partitions are split into the partition boot sector.
The Master Powell table, which will get in more to later videos, those system files and then the file areas. This is quite similar to how the follow system the fat house system was structured. Re hand your
partition tables. You're fat, you're fat, your route and then the general file areas feel s itself. Keep trucks of all the files that are stored in each partition. So the ah pretty system knows that the partition boot has I was X Y z the master who has follows ABC
in comparison to a fat file system of closer sized Mayberry from
152 bites to 64 kilobytes.
If it's the largest, then that means it's a larger cluster size doing any file creation, including directories. A record of that file is stored within the master file table. I hope you enjoyed today's election
in cities like sure, we gave brief examples of other foul systems outside of the fat and anti FS file systems and just maybe a basic overview off the to file systems and the next video we'll be examining the fat vowel system, defining its concept since understanding its structure.
Evidence Handling: Do it the Right Way
It is critical for incident responders to know about proper digital evidence collection. In this ...
1 CEU/CPE Hours Available
Certificate of Completion Offered
Certified Information Systems Security Professional (CISSP) 2021
CISSP is the basis of advanced information assurance knowledge for information security professionals. Often referred ...
16 CEU/CPE Hours Available
Certificate of Completion Offered