Course: Operating System Forensics
Linux file systems
- [Instructor] Linux uses a default file system called Extensible File System or ext. ext has been evolving since its creation in 1992. Its latest version is ext4. Unix existed well before Linux and the ext file systems build on the Unix file system design concepts. Like its cousin Unix, Linux treats everything as a file, including directories and devices like printers. On a Linux file system, a directory is simply another file containing information about the files in the same container.

In Linux, a Superblock stores details on the configuration of its file system. It keeps track of the locations of the critical data structures of the file system and their sizes. Superblock entries include the total number of free blocks and the size of each block.

ext uses blocks and block groups, while Windows-based file systems rely on clusters. Block groups are a set of continuous blocks necessary to enhance the performance of the ext file system. Block groups attempt to keep fragments of the same file as close to one another as possible. Each block group has its own Superblock, data blocks, and block bitmap, which is a sequence of bits representing a block's state. A block bitmap can be used to indicate whether a block is available or not. A block group also includes group descriptors, an inode table, and an inode bitmap. One purpose of the group descriptor block is to indicate how full a block group is.

An inode is a data structure that describes files and directories in the ext file system. It stores the metadata on the files and directories. Linux keeps track of inodes in a table called the inode table. The inode bitmap is similar to the block bitmap, but maintains information on the inode's status, such as whether it's being used.
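
As an added illustration that is not part of the course transcript, this Python example decodes the superblock fields mentioned above (block size, total and free blocks, blocks per group) from a raw volume image and derives the number of block groups. The byte offsets follow the standard ext2/ext3/ext4 on-disk layout; the sample image is constructed, and only the low 32 bits of the counts are read, which assumes a volume without the 64-bit feature.

```python
import struct

SUPERBLOCK_OFFSET = 1024   # the primary superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53         # s_magic value shared by ext2, ext3 and ext4
FIELDS = "<13I3H"          # first 58 bytes: 13 little-endian u32 fields, then 3 u16

def parse_superblock(image: bytes) -> dict:
    """Decode the leading fields of the primary ext superblock."""
    if len(image) < SUPERBLOCK_OFFSET + struct.calcsize(FIELDS):
        raise ValueError("image too small to hold a superblock")
    f = struct.unpack_from(FIELDS, image, SUPERBLOCK_OFFSET)
    if f[15] != EXT_MAGIC:
        raise ValueError(f"bad magic 0x{f[15]:04X}: not an ext file system")
    blocks, first_data, per_group = f[1], f[5], f[8]
    if per_group == 0 or blocks <= first_data:
        raise ValueError("corrupt superblock: implausible block counts")
    return {
        "inodes_total": f[0],
        "blocks_total": blocks,
        "free_blocks": f[3],
        "free_inodes": f[4],
        "block_size": 1024 << f[6],        # s_log_block_size is a shift count
        "blocks_per_group": per_group,
        "inodes_per_group": f[10],
        # ceiling division: the last block group may be only partly filled
        "block_groups": -(-(blocks - first_data) // per_group),
    }

def build_sample_image(magic: int = EXT_MAGIC) -> bytes:
    """Constructed sample volume; only the fields parsed above are meaningful."""
    sb = struct.pack(
        FIELDS,
        5136, 20480, 1024, 18000, 5125,    # inodes, blocks, reserved, free blocks, free inodes
        1, 0, 0,                           # first data block, log block size, log cluster size
        8192, 8192, 1712,                  # blocks, clusters and inodes per group
        0, 0,                              # mount time, write time
        0, 0xFFFF, magic,                  # mount count, max mount count, magic
    )
    return bytes(SUPERBLOCK_OFFSET) + sb.ljust(1024, b"\0")

if __name__ == "__main__":
    for key, value in parse_superblock(build_sample_image()).items():
        print(f"{key:18} {value}")
```
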