Difference between pages "File Systems" and "Fast Thunder"

From Forensics Wiki
(Full Disk Encryption)
 
(Example queries)
 
Line 1: Line 1:
= Conventional File Systems =
+
'''Fast Thunder''' (aka Xunlei) is a [[Download manager|download manager]] developed by Thunder Networking Technologies.
  
; HFS
 
: Used by Apple systems, it has been succeed by HFS+
 
  
; ffs
+
== SuperDownload database ==
: The Fast File System, a variant of ufs that is faster and supports symbolic links.
+
The '''SuperDownload database''' can be found at:
  
; ext2fs, ext3
+
On Windows
: ext2fs was introduced with Linux. ext3 is a journaled version of ext2 which allows for speedy disk recovery after a crash.
+
<pre>
 +
C:\Program Files\Thunder Network\Thunder\data\SdInfoDb.dat
 +
</pre>
  
; reiserfs
+
This file uses the [[SQLite database format]].
: A journaling filesystem for Linux
+
  
; [[FAT]]
+
The timestamp:
: Originally used by MSDOS. Includes FAT12 (for floppy disks), FAT16 and FAT32
+
* SuperDownloadInfo.ContentDownloadTime is stored as BIGINT and contains a POSIX timestamp
 +
* SuperDownloadResource.DownloadTime is stored as BIGINT and contains '''presumably''' a POSIX timestamp
  
; NTFS
+
== Task database ==
: The New Technology File System, introduced by Microsoft with Windows NT 4.0. Now used on XP.
+
The '''Task database''' can be found at:
  
; ufs
+
On Windows
: The Unix File System, introduced with Unix.
+
<pre>
 +
C:\Program Files\Thunder Network\Thunder\Profiles\TaskDb.dat
 +
</pre>
  
;
+
The timestamp:
 +
* TaskBase.CreationTime is stored as BIGINT and contains a POSIX timestamp shifted 24-bits to the left, e.g.
 +
<pre>
 +
printf "0x%x\n" 22090158425767936
 +
0x4e7ae1ce000000
  
 +
date -d @$(( 22029112998625280 >> 24 ))
 +
Thu Aug 11 06:37:35 CEST 2011
 +
</pre>
  
= Cryptographic File Systems =
+
=== Example queries ===
Cryptographic file systems encrypt information before it is stored on the media. Some of these file systems store encrypted files directly. Others are better thought of as device drivers, which are then used to store some of the file systems discussed above.
+
Some example queries:
  
; Apple's File Vault
+
To get an overview of the tasks:
: A clever user interface to Apple's encrypted disk images. Uses the ".sparseimage" extension on disk files.
+
<pre>
 +
SELECT datetime((TaskBase.CreationTime >> 24), "unixepoch"), TotalReceiveSize, TotalSendSize, Url, ReferenceUrl, Name, Description, SavePath FROM TaskBase;
 +
</pre>
  
; CFS - Matt Blaze's Cryptographic File System for Unix
+
== See Also ==
: http://www.crypto.com/papers/cfskey.pdf Key Management in an Encrypting File System], Matt Blaze, USENIX Summer 1994 Technical Conference, Boston, MA, June 1994.
+
: http://www.crypto.com/papers/cfs.pdf A Cryptographic File System for Unix], Matt Blaze, Proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993.
+
  
 +
* [[SQLite database format]]
  
; NCryptfs
+
== External Links ==
: http://www.fsl.cs.sunysb.edu/docs/ncryptfs/ncryptfs.pdf NCryptfs: A Secure and Convenient Cryptographic File System ], Charles P. Wright, Michael C. Martino, and Erez Zadok, Stony Brook University ,USENIX 2003 Annual Technical Conference.
+
* [http://en.wikipedia.org/wiki/Xunlei Wikipedia article on Fast Thunder (Xunlei)]
  
 
+
[[Category:Applications]]
 
+
[[Category:Download Managers]]
; Transparent Cryptographic File System
+
: http://www.tcfs.it/
+
 
+
; SFS - Secure File System
+
: http://atrey.karlin.mff.cuni.cz/~rebel/sfs/
+
 
+
== Full Disk Encryption ==
+
; Seagate FDE
+
: http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
+
 
+
; Network Appliance
+
: http://www.netapp.com/ftp/decru-fileshredding.pdf
+
 
+
; Jetico BestCrypt
+
: http://www.jetico.com/
+
 
+
; beCryot
+
: http://www.becrypt.com/our_products/disk_protect.php
+
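Review bot: the example query on the added side passes the modifier to datetime() as "unixepoch" in double quotes; SQLite treats double quotes as identifier quoting and only falls back to a string literal when no column of that name exists, so it should be written as 'unixepoch'. In the TaskBase.CreationTime example, the printf line uses 22090158425767936 while the date line uses 22029112998625280, so the hex value and the date shown describe two different timestamps; using one value for both commands would make the illustration self-consistent. The date output is in local time (CEST), and giving the UTC equivalent as well would help when correlating with other artifacts.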

Revision as of 06:50, 21 March 2012

Fast Thunder (aka Xunlei) is a download manager developed by Thunder Networking Technologies.


SuperDownload database

The SuperDownload database can be found at:

On Windows

C:\Program Files\Thunder Network\Thunder\data\SdInfoDb.dat

This file uses the SQLite database format.

The timestamp:

  • SuperDownloadInfo.ContentDownloadTime is stored as BIGINT and contains a POSIX timestamp
  • SuperDownloadResource.DownloadTime is stored as BIGINT and presumably contains a POSIX timestamp

Task database

The Task database can be found at:

On Windows

C:\Program Files\Thunder Network\Thunder\Profiles\TaskDb.dat

The timestamp:

  • TaskBase.CreationTime is stored as BIGINT and contains a POSIX timestamp shifted 24 bits to the left, e.g.
printf "0x%x\n" 22090158425767936
0x4e7ae1ce000000

date -d @$(( 22029112998625280 >> 24 ))
Thu Aug 11 06:37:35 CEST 2011

Example queries

Some example queries:

To get an overview of the tasks:

SELECT datetime((TaskBase.CreationTime >> 24), 'unixepoch'), TotalReceiveSize, TotalSendSize, Url, ReferenceUrl, Name, Description, SavePath FROM TaskBase;
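
The following is an added example, not part of the original wiki page: it decodes TaskBase.CreationTime to UTC, reports the low 24 bits that the shift discards, and cross-checks the result against SQLite's own datetime(). The function names, the column types other than BIGINT for CreationTime, and the sample rows are assumptions constructed for illustration; only the two CreationTime values come from the page.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

SHIFT = 24  # per the page: POSIX seconds are stored shifted 24 bits to the left

def decode_creation_time(raw):
    """Split a TaskBase.CreationTime value into (UTC datetime, low 24 bits)."""
    seconds, low_bits = raw >> SHIFT, raw & ((1 << SHIFT) - 1)
    return datetime.fromtimestamp(seconds, tz=timezone.utc), low_bits

def open_evidence(path):
    """Open a working copy of TaskDb.dat read-only so queries cannot alter it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def task_overview(conn):
    """Return tasks oldest first, with SQLite's own decoding as a cross-check."""
    sql = ("SELECT CreationTime, datetime(CreationTime >> 24, 'unixepoch'), "
           "Name, Url, SavePath FROM TaskBase ORDER BY CreationTime")
    tasks = []
    for raw, sqlite_utc, name, url, save_path in conn.execute(sql):
        when, low_bits = decode_creation_time(raw)
        tasks.append({"created_utc": when.isoformat(), "sqlite_utc": sqlite_utc,
                      "low_bits": low_bits, "name": name, "url": url,
                      "save_path": save_path})
    return tasks

def build_sample_db():
    """Constructed in-memory stand-in for TaskDb.dat; column types are assumed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TaskBase (CreationTime BIGINT, TotalReceiveSize BIGINT, "
                 "TotalSendSize BIGINT, Url TEXT, ReferenceUrl TEXT, Name TEXT, "
                 "Description TEXT, SavePath TEXT)")
    rows = [  # the two CreationTime values are the ones quoted on the page
        (22090158425767936, 1024, 0, "http://example.invalid/b.iso", "", "b.iso", "", "D:\\dl\\"),
        (22029112998625280, 2048, 0, "http://example.invalid/a.zip", "", "a.zip", "", "D:\\dl\\"),
    ]
    conn.executemany("INSERT INTO TaskBase VALUES (?,?,?,?,?,?,?,?)", rows)
    return conn

if __name__ == "__main__":
    for task in task_overview(build_sample_db()):
        print(task["created_utc"], task["low_bits"], task["name"], task["url"])
```

For a real examination, pass a working copy of TaskDb.dat to open_evidence() and hand the returned connection to task_overview(); a non-zero low_bits value marks a record where the low 24 bits carry data that the shift throws away.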

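See Also

  • SQLite database format

External Links

  • Wikipedia article on Fast Thunder (Xunlei): http://en.wikipedia.org/wiki/Xunlei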