Difference between revisions of "Identifying file systems"

From Forensics Wiki
m (New page: There are many ways to identify a file system inside a partition. When an operating system attempts to mount a partition, it may use the ID from the partition table. There are several to...)
 
 
(2 intermediate revisions by one user not shown)
Line 5: Line 5:
 
There are several tools that can identify the partition from the data it contains, including:
 
There are several tools that can identify the partition from the data it contains, including:
 
* [[blkid]]
 
* [[blkid]]
 +
* [[file]]
 
* [[parted]]
 
* [[parted]]
 +
* [[testdisk]]
  
 
In general you should not rely on the partition record for determining the partition type.
 
In general you should not rely on the partition record for determining the partition type.
  
 
Some of the test images created for the [http://wiki.sleuthkit.org/index.php?title=Case_Studies Honeynet Challenges] have multiple file systems contained in a single partition.
 
Some of the test images created for the [http://wiki.sleuthkit.org/index.php?title=Case_Studies Honeynet Challenges] have multiple file systems contained in a single partition.
 +
 +
[[Category:File Systems]]
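
Review bot: The list's lead-in, "identify the partition from the data it contains", is left unchanged while `[[file]]` and `[[testdisk]]` are added under it. It reads as if the tools identify the partition rather than the file system inside it, which is the page's stated subject ("identify a file system inside a partition"). Suggest rewording the lead-in to "identify the file system from the data the partition contains" in the same revision.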

Latest revision as of 03:29, 31 July 2012

There are many ways to identify a file system inside a partition.

When an operating system attempts to mount a partition, it may use the ID from the partition table.

There are several tools that can identify the partition from the data it contains, including:

* blkid
* file
* parted
* testdisk

In general you should not rely on the partition record for determining the partition type.

Some of the test images created for the Honeynet Challenges have multiple file systems contained in a single partition.
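
The two points above (do not trust the partition record, and one partition may hold more than one file system) can be checked with a simplified signature probe. This is an added example, not code from the wiki or from any of the listed tools. The function names and the sample image are constructed for illustration, and only a handful of well-known magic values are covered.

```python
import struct

# (name, byte offset inside the partition, magic) for a few well-known on-disk signatures
SIGNATURES = [
    ("xfs", 0, b"XFSB"),
    ("ntfs", 3, b"NTFS    "),
    ("fat16", 54, b"FAT16   "),
    ("fat32", 82, b"FAT32   "),
    ("ext2/3/4", 1080, b"\x53\xef"),      # s_magic 0xEF53, little-endian
    ("linux-swap", 4086, b"SWAPSPACE2"),  # assumes 4 KiB pages
    ("iso9660", 32769, b"CD001"),
]

def probe(part):
    """Return every signature found in the partition's data, not just the first."""
    return [n for n, off, magic in SIGNATURES if part[off:off + len(magic)] == magic]

def mbr_partitions(image, sector=512):
    """Yield (type_id, data) for each used primary entry of an MBR partition table."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    for i in range(4):
        entry = image[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] and count:
            yield entry[4], image[start * sector:(start + count) * sector]

def audit(image):
    """Pair the type ID the partition table claims with what the data contains."""
    return [(ptype, probe(data)) for ptype, data in mbr_partitions(image)]

def build_sample():
    """Constructed test image: two partitions whose table entries are misleading."""
    img = bytearray(512 * 257)
    img[510:512] = b"\x55\xaa"
    # entry 0: type 0x07 (NTFS/exFAT/HPFS) at LBA 1, 128 sectors, but holds ext magic
    img[446:462] = struct.pack("<B3sB3sII", 0, b"", 0x07, b"", 1, 128)
    img[512 + 1080:512 + 1082] = b"\x53\xef"
    # entry 1: type 0x83 (Linux) at LBA 129, 128 sectors, two signatures inside
    img[462:478] = struct.pack("<B3sB3sII", 0, b"", 0x83, b"", 129, 128)
    base = 129 * 512
    img[base:base + 4] = b"XFSB"
    img[base + 32769:base + 32774] = b"CD001"
    return bytes(img)

if __name__ == "__main__":
    for ptype, found in audit(build_sample()):
        print(f"table type 0x{ptype:02x} -> signatures in data: {found}")
```

A partition that returns more than one signature, or a signature that disagrees with the table's type ID, is the case to examine by hand with the tools listed above.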