Identifying file systems

From ForensicsWiki
Revision as of 08:29, 31 July 2012 by Joachim Metz (Talk | contribs)

There are many ways to identify a file system inside a partition.

When an operating system attempts to mount a partition, it may use the ID from the partition table.

There are several tools that can identify the partition from the data it contains, including:

In general, you should not rely on the partition record to determine the partition type.

Some of the test images created for the Honeynet Challenges have multiple file systems contained in a single partition.
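
The two points above (not trusting the partition record, and a single partition holding more than one file system) can be checked together by probing the partition data for signatures at their fixed offsets. The following is an added example, not code from ForensicsWiki or from any tool it lists; the function names, the subset of MBR type IDs and the sample buffer are assumptions made for illustration.

```python
import struct

# (name, byte offset from partition start, magic bytes): well-known on-disk signatures
SIGNATURES = [
    ("NTFS", 3, b"NTFS    "),        # OEM ID in the boot sector
    ("exFAT", 3, b"EXFAT   "),
    ("FAT32", 82, b"FAT32   "),      # informational label in the boot sector
    ("FAT16", 54, b"FAT16   "),
    ("FAT12", 54, b"FAT12   "),
    ("XFS", 0, b"XFSB"),
    ("HFS+", 1024, b"H+"),           # volume header signature
    ("ext2/3/4", 1080, b"\x53\xef"), # s_magic 0xEF53 (LE), superblock at 1024 + 0x38
]

# Subset of MBR partition type IDs and the file systems they normally announce
MBR_TYPES = {
    0x01: {"FAT12"}, 0x06: {"FAT16"}, 0x0B: {"FAT32"}, 0x0C: {"FAT32"},
    0x07: {"NTFS", "exFAT"}, 0x83: {"ext2/3/4", "XFS"}, 0xAF: {"HFS+"},
}

def identify(data: bytes) -> list:
    """Return every file system whose signature sits at its expected offset."""
    return [name for name, off, magic in SIGNATURES
            if data[off:off + len(magic)] == magic]

def check_partition(type_id: int, data: bytes) -> dict:
    """Compare what the partition record claims with what the data contains."""
    found = identify(data)
    expected = MBR_TYPES.get(type_id, set())
    return {
        "found": found,
        "multiple": len(found) > 1,  # more than one file system in the partition
        "unexpected": [fs for fs in found if fs not in expected],
    }

def sample_image() -> bytes:
    """Constructed test buffer: NTFS boot sector ID plus an ext superblock magic."""
    buf = bytearray(4096)
    buf[3:11] = b"NTFS    "
    struct.pack_into("<H", buf, 1080, 0xEF53)
    return bytes(buf)

if __name__ == "__main__":
    # Partition record says 0x0B (FAT32); the data says otherwise.
    print(check_partition(0x0B, sample_image()))
```

A signature match is only a first indication; confirm it by parsing the rest of the structure (for example the ext superblock fields or the NTFS BPB) before treating the identification as final.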