Term
|
Definition
- Provide a mechanism for users to store data in a hierarchy of files and directories.
- Consists of structural and user data that are organized such that the computer knows where to find them
- Independant from any specific computer.
|
|
|
Term
|
Definition
- File systems use logical volume addresses but also assign logical file system addresses because they group consecutive sectors to form a data unit.
- File systems use boh Sector and ___ addesses
|
|
|
Term
| Data Unit Allocation Strategies |
|
Definition
- OSes use different data allocation strategies
- While allocation of consecutive data units is tried in typical cases, it is not always possible and a file can be fragmented.
- Three strategies
- First Available: from the beginning
- Next Available: from the last allocated cluster
- Best fit: searches for consecutive data units
- To update a file, applications can create a new copy or modify the existing file.
|
|
|
Term
|
Definition
- Many file systems have ability to mark a data unit as damaged
- No need in modern HDD that detects bad sectors
- A user could manually add a data unit to the damaged sector list and place data in it
- Acquisition tools report bad sectors, so that report can be compared to the damaged sector list to identify sectors that may have been manually added to hide data.
|
|
|
Term
| Data Categories in File System |
|
Definition
- All data in a file system belong to one of the following categories:
- File System: category contains the general file system information
- Content: category contains the data that comprise the actual content of a file
- Metadata: category contains the data that describe a file
- File Name: category, or human interface category, contains the data that assign a name to each file
- Application: category contains data that provide special features
|
|
|
Term
|
Definition
- A file must allocate a full data unit, even if it needs only a small part of it
- the unused bytes in the last data uniit are called slack space
- Considered allocated space
- Two slack spaces
- RAM Slack - between the end of the file and the end of the sector in which the file ends
- OS determines what to pad the file content with (e.g. most OS fills with 0s, early Windows fill data in memory (RAM Slack))
- File Slack - the remaining unused sectors in the data unit
- some OSes wipe the sectors, others ignore them
|
|
|
Term
| File Allocation Table (FAT) File System |
|
Definition
- One of the most simple file systems found in common operating systems
- FAT system is the primary file system of the Microsoft DOS and Windows 9x operating systems
- FAT system is supported in later Windows systems
- 2 important data structures in FAT system
- Directory Entries
- File Allocation Table (FAT)
|
|
|
Term
| Data unit in Data Area (FAT System) |
|
Definition
- Data area (excluding root dir in FAT 12/16) uses cluster addresses. (The reserved area and FAT area use sector addresses)
- The first cluster is cluster 2
- Cluster 2 in FAT 12/16 vs. FAT32
- FAT 12/16: after root directory
- Root directory is located at the very beginning of data area
- FAT 32: after FAT area, which means the first sector of data area
|
|
|
Term
|
Definition
- When a file is deleted from within Windows,
- the directory entry is marked as unused and
- the FAT entries for the clusters are set to 0.
- We can find the starting location (cluster) and the size of the file. However, we have no information about the remaining clusters in the file/
- Two approaches for choosing the remaining clusters
- blindly read the amount of data needed for the file size
- read only from the unallocated clusters
|
|
|
Term
| FAT File System - Boot Sector |
|
Definition
- Located in the first sector of FAT file system
- Part of the reserved area
- FAT 12/16 and FAT 32 have different versions of the boot sector, but they both have the same initial 36 bytes
|
|
|
Term
|
Definition
- includes hints about where the operating system can allocate new clusters
- Its location is given in the Boot Sector (byte 48-49)
- Part of the reserved area
|
|
|
Term
| File Allocation Table (FAT) |
|
Definition
- Two Purposes
- To determine the allocation status of a cluster
- To find the next allocated cluster in a file or directory
- Typically two FATs in a FAT file system, but exact number is given in the boot sector
- First FAT starts after the reserved sectors (reserved sector size is also given in the boot sector)
- Total size of each FAT is also given in the boot sector
- Second FAT, if it exists, starts in the sector following the end of the first FAT
|
|
|
Term
| FAT Directory Entry (NOT ON THE FIRST TEST) |
|
Definition
- Contains the name and metadata for a file or directory
- Located in the clusters allocated to the file's parent
directory
- Data structure supports a name that has only 8 characters in the name and 3 characters in the extension
- First byte of the data structure works as the allocation status, and if it is set to 0xE5 or 0x00, the directory entry is unallocated.
- Otherwise, the (first) byte is used to store the first character of the file name
- Each directory has 32 bytes in size
|
|
|
