UFS1 and UFS2 Data Structures

This chapter describes the data structures that make up a UFS1 or UFS2 file system. The general concepts and analysis techniques for UFS were discussed in the previous chapter, and this chapter shows the layout of the data structures and where they are located in an example file system image. It is assumed that you are reading this chapter in parallel with the previous chapter or that you have already read it.

As mentioned in the previous chapter, the UFS data structures contain multiple fields to store a single value in different formats. For example, the size of a block is stored both as a number of fragments and as a number of bytes. The different formats prevent the OS from having to calculate the different values each time. Although some OSes may require that both be set to equivalent values, it is not essential that both of them be set. Yet it is not trivial to identify which of the formats is essential. One OS could determine the block size based only on the byte size, and another could determine the block size based only on the fragment size. It is essential to know the block size, but which format is used to obtain it is not essential. In this chapter, I have identified one of the formats as essential, but it may not apply to all tools or OSes.





File System Forensic Analysis
ISBN: 0321268172
EAN: 2147483647
Year: 2006
Pages: 184
Authors: Brian Carrier