Disk / FS Features


#1

Disk / Volume FS Features To Generate:

Disk wrappers:

  • raw, qcow, rhevm, vmware, vix, MSVS*
  • local device?

Volume:

  • DOS Partition - Starting / Ending addresses, size, type
  • DOS MBR - parameterized DOS partitions + header/ender
  • GPT Header - size, addresses, guid, # of entries
  • GPT Partition - guid, start / end addresses, attributes, name

FAT:

  • Boot Sector: FAT 12/16/32, sizes, addresses, number of sectors, label
  • FAT record value: cluster state/address
  • FAT Table: array of record values
  • Timestamp (convert to/from)
  • Directory Entry: filename, timestamps, cluster address
  • Long File Name Directory Entry
  • Abstract Directory Entry (generate regular or long based on specified name)

NTFS:

  • Cluster Run (convert to/from addresses)
  • MFT Entry Header: size, attribute offset, next attribute id
  • Attribute Header: type, length, name, flags, content (if resident) or content size / offset
  • Attribute:
  • Attributes:
    • standard information: timestamps, flags, id’s
    • attribute list
    • file name: name, timestamps, size, namespace
    • object_id: various ids
    • data: file contents
    • index_root: attribute type, index record size, entries
    • index_allocation: entries
    • index node header
    • index entry: length, content, flags
    • directory entry: file reference, length, flags, file_name attr
    • bitmap
  • File:
    • MFT
    • Volume
    • AttrDef : attribute names, types
    • Bitmap : allocated clusters
    • Boot: sectors, addresses

EXT3:

  • superblock : inodes, blocks, fragments, timestamps, flags, addresses
  • group descriptor table: block, inode bitmap/table, addresses, numbers
  • block bitmap
  • inode: timestamps, flags, pointers, acl, fragment size
  • extended attribute: name, type, flags, value
  • directory entry: length, name
  • hash tree node: length, leaves, block / node address

EXT4:

  • EXT3/*
  • Extent Node: block address, # of blocks
  • Extent Tree: length, leaves

Reiser:

XFS:

  • superblock: block/extent/inode sizes, uuid, flags
  • inode: timestamps, flags, uid/gid, size, extents
  • directory: inode, name
  • directory entry: name, address
  • b+ tree