Thursday, March 15, 2012

File System at Glance

When we want to learn about Computer Forensic, File System can't be excluded from our learning material. So, in this post I'll explain a little about File System.

File system is a method, how to deal with files on a computer. How the data organized, stored, updated, modified, as well as manage the available free space on the storage media. The type of a hardware filesystem is usually adjusted with the characteristics of the storage device. So, the filesystem of the Harddisk is usually different with the filesystem of a Flashdisk or a Floppydisk. Another adjustment is including an Operating System as its parameter. Windows filesystem (which usually is FAT or NTFS), is different with Linux filesystem (ext2,ext3,ext4), as well as Mac filesystem. Still, nowadays an Operating System able to use more than one filesystem.

Lets talk about FAT filesystem first..  :3
FAT(File Allocation Table) is a light-weight filesystem, simple and reliable. It offers a good performance and is implemented in a wide variety of storage devices.

Introduced by Microsoft in 1981. Initially, this filesystem is designed to manage files in the floppy drive(very old huh?  :P ), FAT16 have some changes and modifications so that, later this filesystem used to manage files in the harddisk. The advantages of this filesystem is its compatibility on almost all Operating System like Windows 95/98/ME, OS/2, Linux and even Unix. But behind that, the biggest problem from this filesystem is the fixed sized cluster on the partiton. So, bigger harddisk means bigger cluster, meaning don't care how small the size of a file is will still require 16Kb space from the harddisk. Another cons, FAT16 doesn't support compression, encryption and access control on the partition.
Advantages of FAT16 are:
  • MS-DOS, Windows 95, Windows 98, Windows NT, Windows 2000, and some UNIX operating systems can use it.
  • There are many tools available to address problems and recover data.
  • If you have a startup failure, you can start the computer with an MS-DOS bootable floppy disk.
  • It is efficient, both in speed and storage, on volumes smaller than 256 MB.
Disadvantages of FAT16 are:
  • The root folder can manage a maximum of 512 entries. The use of long file names can significantly reduce the number of available entries.
  • FAT16 is limited to 65,536 clusters, but because certain clusters are reserved, it has a practical limit of 65,524. Each cluster is fixed in size relative to the logical drive. If both the maximum number of clusters and their maximum size (32 KB) are reached, the largest drive is limited to 4 GB on Windows 2000. To maintain compatibility with MS-DOS, Windows 95, and Windows 98, a FAT16 volume should not be larger than 2 GB.
  • The boot sector is not backed up.
  • There is no built-in file system security or file compression with FAT16.
  • FAT16 can waste file storage space in larger drives as the size of the cluster increases. The space allocated for storing a file is based on the size of the cluster allocation granularity, not the file size. A 10-KB file stored in a 32-KB cluster wastes 22 KB of disk space.

Started to be used on Windows 95 SP2 system. This filesystem is the development of FAT16. FAT32 can handle bigger cluster partition on the partiton. Beside that, FAT32 also make the harddisk performance become better than when using FAT16. But, FAT32 also have a cons that doesn't owned by FAT16 that is the operating system compatibility. Not like FAT16 that can be known widely by operating system.

Advantages of FAT32 are :
FAT32 allocates disk space much more efficiently than previous versions of FAT. Depending on the size of your files, there is a potential for tens and even hundreds of megabytes more free disk space on larger hard disk drives. In addition, FAT32 provides the following enhancements:
  • The root folder on a FAT32 drive is now an ordinary cluster chain, so it can be located anywhere on the volume. For this reason, FAT32 does not restrict the number of entries in the root folder.
  • It uses space more efficiently than FAT16. FAT32 uses smaller clusters (4 KB for drives up to 8 GB), resulting in 10 to 15 percent more efficient use of disk space relative to large FAT16 drives. FAT32 also reduces the resources necessary for the computer to operate.
  • FAT32 is more robust than FAT16. FAT32 has the ability to relocate the root directory and use the backup copy of the FAT instead of the default copy. In addition, the boot record on FAT32 drives has been expanded to include a backup of critical data structures. This means that FAT32 volumes are less susceptible to a single point of failure than FAT16 volumes.
Disadvantages of FAT32 include:
  • The largest FAT32 volume Windows 2000 can format is limited in size to 32 GB.
  • FAT32 volumes are not accessible from any other operating systems other than Windows 95 OSR2 and Windows 98.
  • The boot sector is not backed up.
  • There is no built-in file system security or compression with FAT32.
New Technology File System(NTFS) firstly introduced on Windows NT and a filesystem that have a technology that really different that FAT technology. NTFS have a better security system, file compression, and file encryption. Generally, NTFS doesn't compatible with another operating system that installed on the same machine (Dual OS). NTFS highly surpass FAT filesystem in the terms of performance and security. NTFS also support the use of metadata and the use of advanced data structures to improve performance, reliability, and disk space utilization, plus additional extensions such as access control lists and file system journaling. NTFS developed from the version 1.0 to version 3.5 that used in Windows XP.

Ok, Now lets talk about Ext file system.  :3
Ext stands for Extended. Until now, it has 3 versions that is ext2,ext3 and ext4 where each of it is the development from the previous version.

Ext2 - Second Extended File System
Firstly introduced and integrated in the Linux kernel. Nowadays, this filesystem is still developed so that it can be used on the other operating system. In the Ext2 filesystem, a file is stored as data blocks. Each block of data have a same length. Some advantages of this filesystem are, Ext2 able to handle a big sized partition, able to read some files from UNIX.
  • Ext2 does not have journaling feature.
  • On flash drives, usb drives, ext2 is recommended, as it doesn’t need to do the over head of journaling.
  • Maximum individual file size can be from 16 GB to 2 TB
  • Overall ext2 file system size can be from 2 TB to 32 TB

Ext3 - Third Extended File System
Like I wrote before, this filesystem is the development of the Ext2 filesystem. Some improvements and fixes is included. Like the journaling system. In the Ext3 the journaling system grealy help the system to protect the data stored inside. With the journaling system, we don't have to check the consistency of the data which will take a great time in the large harddisk. In the terms of data integrity and consistency, we can choose the type and the protection level of the data stored.
  • It was introduced in 2001. Developed by Stephen Tweedie.
  • Starting from Linux Kernel 2.4.15 ext3 was available.
  • The main benefit of ext3 is that it allows journaling.
  • Journaling has a dedicated area in the file system, where all the changes are tracked. When the system crashes, the possibility of file system corruption is less because of journaling.
  • Maximum individual file size can be from 16 GB to 2 TB
  • Overall ext3 file system size can be from 2 TB to 32 TB
  • There are three types of journaling available in ext3 file system.
    • Journal – Metadata and content are saved in the journal.
    • Ordered – Only metadata is saved in the journal. Metadata are journaled only after writing the content to disk. This is the default.
    • Writeback – Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to the disk.
  • You can convert a ext2 file system to ext3 file system directly (without backup/restore)

I hope this article helps you to understand file system more clearly..  ^_^

"the quieter you become, the more you are able to hear.."


Bl4ck.Viper said...

thanks for sharing
what is your theme name?
i love your ubuntu theme
thank you

yudhiagust said...

hi Bl4ck. Viper.. :)

its called "Equinox"
there are more than 5 color scheme for this theme..

if i'm not mistaken you can find it in gnome-looks..

anyway, thanks for coming.. :D

Anonymous said...

copas ya gan

Anonymous said...

ijin bwt garap laporan file sistem bsk pg gan ;p

Anonymous said...

makasih ya gan

Anonymous said...

kok jamnya beda sama t4 saya ya gan?

dragon_master said...

> Anonymous : Alhamdulillah artikel ane bermanfaat..
jangan lupa sertain sumber ya.. :)
Terima kasih.. :D

Anonymous said...

pasti pake sumber gan

dragon_master said...

Alhamdulillah... :D

Post a Comment