Define file system in a way that a juror would be likely to
Define “file system” in a way that a juror would be likely to understand. Include how various file systems differ from one another. Provide an analogy for explaining file systems to a jury. For instance, in the book File System Forensic Analysis by Brian Carrier, he uses the analogy of a series of filing cabinets in a doctor’s office and describes the process of filing and retrieving patient records. In preparing your response, consider the varying backgrounds of jurors. Some may have limited or no computer experience while others may have extensive technical backgrounds. Thus, explanations should be simple and easy to understand while maintaining complete accuracy.
Solution
Let me explain what a file system is.
A file system is the way in which files are named and where they are placed logically for storage and retrieval.
->File systems specify conventions for naming files.
->It has directories with a specified path and format.
->It also determines the level of accessibility available to users.
Types
1. FAT File System:
FAT stands for "File Allocation Table".
The file allocation table is used by the operating system to locate files on a disk. A file may be divided into many sections and scattered around the disk due to fragmentation. FAT keeps track of all pieces of a file. In DOS systems, FAT is stored after the boot sector. The file system has been used since the advent of the PC.
Features
The FAT file system used by MS-DOS provides file names only 8 characters long.
File names can contain any character except “/ \ [] = , ^ ?a “”
Security
FAT does not support local and folder security.
2. FAT32 File System:
FAT32 is an advanced version of the FAT file system.
It can be used on drives from 512 MB to 2 TB in size. One of the most important features of FAT and FAT32 is that they also offer compatibility with operating systems other than Windows 2000.
Features
Partition size:
FAT32 increases the number of bits used to address a cluster. A cluster is a set of sectors. It reduces the size of each cluster. It supports larger disks (up to 2 TB) and better storage efficiency.
Access Speed:
FAT32 provides good file access in partition sizes less than 500 MB or greater than 2 GB. It provides better disk space utilization.
3. NTFS File System:
NTFS stands for "New Technology File System". Windows 2000 Professional fully supports NTFS. It has the following characteristics.
Features
Naming Conventions:
File names can be up to 255 characters.
File names can contain most characters except “ / \ * | :
File names are not case sensitive.
Security:
NTFS provides file and folder security. Files and folders are safer than FAT. Security is maintained by assigning NTFS permissions to files and folders.
Partition Size:
The NTFS partition and file sizes are much bigger than FAT partitions and files. The maximum size of an NTFS partition or file can be 16 exabytes. However, the practical limitation is two terabytes. The file size can be in the range of 4 GB to 64 GB.
File compression:
NTFS provides file compression of as much as 50%.
High reliability:
NTFS is highly reliable. It is a recoverable file system. It uses transaction logs to update the file and folder logs automatically. The system also has a great amount of fault tolerance. It means that if a transaction fails due to power or system failure, the logged transactions are used to recover the data.
Bad cluster mapping:
NTFS supports bad-cluster mapping. It means that the file system detects bad clusters or areas of disk with errors. If there is any data in those clusters, it is retrieved and stored on another area. The bad clusters are marked to prevent data storage in those areas in future.
Analogy:
This is my FAT analogy:
We know that a file system is like a filing cabinet full of hanging folders.
At the front of the cabinet is a list of all the files, and within which folders they are contained.
When a file is deleted, the entry for that file on the list is marked as available to be used, but the folder is not emptied until you replace it with a new file.
At some point, a new file entry may be written over the entry in the list, and also at some point the folder may have its contents taken out to make room for a new file. These events don't necessarily happen at the same time. Only once the contents of the folder have been thrown out to be replaced with a new file is the old file truly gone.
Warning on that comment for file slack, but that's good enough for starters. I use an analogy of wiping off part of a whiteboard for file slack. Also of course you can use different security software and features, and different file systems manage this slightly differently. NTFS for example combines both the index and the file for resident files. For non-resident files, if the run lists can be completely contained in a single entry, it's much easier to recover than for example FAT if the file is fragmented. Of course, when a resident file entry is overwritten, so is the file content itself (again warning for record slack).
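The filing-cabinet deletion analogy and the file-slack caveat above, as an added Python sketch that is not part of the original answer. `ToyFat`, its 8-byte clusters and the file names are constructed for illustration, and recovery assumes the deleted file's clusters were contiguous, which is why a fragmented FAT file is harder to recover.

```python
CLUSTER = 8            # bytes per cluster (tiny, so the effects are easy to see)
FREE, EOC = 0, -1      # allocation-table markers: free cluster / end of chain

class ToyFat:
    """Constructed FAT-like model: a directory, an allocation table, data clusters."""
    def __init__(self, n_clusters=8):
        self.data = [bytearray(CLUSTER) for _ in range(n_clusters)]  # the folders
        self.fat = [FREE] * n_clusters                               # the list up front
        self.dir = []                                                # file entries

    def _entry(self, name, deleted):
        return next(e for e in self.dir if e["name"] == name and e["deleted"] == deleted)

    def write(self, name, content):
        need = max(1, -(-len(content) // CLUSTER))         # ceiling division
        free = [i for i, v in enumerate(self.fat) if v == FREE][:need]
        if len(free) < need:
            raise OSError("volume full")
        for k, c in enumerate(free):
            chunk = content[k * CLUSTER:(k + 1) * CLUSTER]
            self.data[c][:len(chunk)] = chunk              # rest of cluster is not wiped
            self.fat[c] = free[k + 1] if k + 1 < need else EOC
        self.dir.append({"name": name, "size": len(content),
                         "start": free[0], "deleted": False})

    def delete(self, name):
        e = self._entry(name, deleted=False)
        c = e["start"]
        while c != EOC:                                    # release the chain only
            nxt, self.fat[c] = self.fat[c], FREE
            c = nxt
        e["deleted"] = True      # real FAT overwrites the first name byte with 0xE5

    def recover(self, name):
        """Read a deleted file; the chain is gone, so assume contiguous clusters."""
        e = self._entry(name, deleted=True)
        n = max(1, -(-e["size"] // CLUSTER))
        raw = b"".join(bytes(c) for c in self.data[e["start"]:e["start"] + n])
        return raw[:e["size"]]

    def slack(self, name):
        """Bytes after the end of a live file, up to the end of its last cluster."""
        e = self._entry(name, deleted=False)
        c = e["start"]
        while self.fat[c] != EOC:
            c = self.fat[c]
        return bytes(self.data[c][e["size"] % CLUSTER or CLUSTER:])

def demo():
    vol = ToyFat()
    vol.write("memo.txt", b"PAYMENT TO ACME")   # 15 bytes -> clusters 0 and 1
    vol.delete("memo.txt")
    intact = vol.recover("memo.txt")            # entry marked, contents untouched
    vol.write("note.txt", b"hi")                # cluster 0 is reused for 2 bytes
    return intact, vol.recover("memo.txt"), vol.slack("note.txt")
```

`demo()` returns the deleted memo intact, then the same memo with its first two bytes replaced once the cluster is reused, and finally the remnant of the memo sitting in the slack of the new two-byte file.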

