Difference between revisions of "Identifying file systems"

From Forensics Wiki
 
(One intermediate revision by one user not shown)
Line 5: Line 5:
 
There are several tools that can identify the partition from the data it contains, including:
 
There are several tools that can identify the partition from the data it contains, including:
 
* [[blkid]]
 
* [[blkid]]
 +
* [[file]]
 
* [[parted]]
 
* [[parted]]
 
* [[testdisk]]
 
* [[testdisk]]
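Review bot: the added `* [[file]]` entry, like the other items in this list, is a bare link, so the list never says what each tool inspects. A few words per item, for example which ones read signatures from the partition data, would let the list stand on its own next to the sentence that introduces it.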
Line 11: Line 12:
  
 
Some of the test images created for the [http://wiki.sleuthkit.org/index.php?title=Case_Studies Honeynet Challenges] have multiple file systems contained in a single partition.
 
Some of the test images created for the [http://wiki.sleuthkit.org/index.php?title=Case_Studies Honeynet Challenges] have multiple file systems contained in a single partition.
 +
 +
[[Category:File Systems]]

Latest revision as of 03:29, 31 July 2012

There are many ways to identify a file system inside a partition.

When an operating system attempts to mount a partition, it may use the ID from the partition table.

There are several tools that can identify the partition from the data it contains, including:

* blkid
* file
* parted
* testdisk

In general you should not rely on the partition record for determining the partition type.

Some of the test images created for the Honeynet Challenges have multiple file systems contained in a single partition.
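The point about not trusting the partition record, and the multi-file-system case above, can be checked by reading signatures from the partition data itself. The following is an added example, not code from the wiki or from any of the listed tools; the function names and the sample buffers are constructed for illustration, and only a handful of well-known signatures are covered.

```python
# (name, absolute offset, magic bytes) for a few common file systems.
SIGNATURES = [
    ("ext2/3/4", 1080, b"\x53\xef"),   # s_magic 0xEF53: superblock at 1024, field at +0x38
    ("NTFS",     3,    b"NTFS    "),   # OEM ID in the boot sector
    ("exFAT",    3,    b"EXFAT   "),
    ("FAT32",    82,   b"FAT32   "),   # BS_FilSysType, FAT32 boot sector layout
    ("FAT16",    54,   b"FAT16   "),   # BS_FilSysType, FAT12/16 boot sector layout
    ("XFS",      0,    b"XFSB"),
]

# MBR partition type IDs and the file systems each one conventionally implies.
MBR_TYPES = {
    0x83: {"ext2/3/4", "XFS"},         # "Linux": any native Linux file system
    0x07: {"NTFS", "exFAT"},
    0x0B: {"FAT32"}, 0x0C: {"FAT32"},
    0x06: {"FAT16"}, 0x0E: {"FAT16"},
}

def identify(data: bytes) -> list:
    """Return every file system whose signature is present in the partition data."""
    return [name for name, off, magic in SIGNATURES
            if data[off:off + len(magic)] == magic]

def check_partition(type_id: int, data: bytes) -> dict:
    """Compare what the partition table claims with what the data shows."""
    found = identify(data)
    expected = MBR_TYPES.get(type_id, set())
    return {
        "declared": f"0x{type_id:02x}",
        "detected": found,
        "mismatch": bool(found) and not expected.intersection(found),
        "ambiguous": len(found) > 1,   # more than one signature in one partition
    }

def sample_image(*names) -> bytes:
    """Constructed 2 KiB buffer with the named signatures planted (not a real image)."""
    buf = bytearray(2048)
    for name, off, magic in SIGNATURES:
        if name in names:
            buf[off:off + len(magic)] = magic
    return bytes(buf)

if __name__ == "__main__":
    print(check_partition(0x0B, sample_image("ext2/3/4")))           # table says FAT32
    print(check_partition(0x83, sample_image("ext2/3/4", "FAT16")))  # two signatures
```

On a real image, pass the first few KiB read from the partition's starting offset; an "ambiguous" result is a cue to examine the partition by hand rather than accept the first match.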