Any tool under linux to parsing BPB/Bs/FAT table?
Greg Freemyer
greg.freemyer at gmail.com
Mon Dec 20 10:56:20 EST 2010
On Mon, Dec 20, 2010 at 2:45 AM, loody <miloody at gmail.com> wrote:
> Dear all:
> I recently trace FS/fat and I want to know is there any utility under
> linux that can help us to easily parse BPB/BS or FAT tables?
>
> appreciate your help,
> miloody
TSK3 apparently does some FAT analysis/parsing.
See this extracted from
http://www.sleuthkit.org/sleuthkit/docs/api-docs/files.html
===
tsk3/fs/fatfs.c Contains the internal TSK FAT file system code to
handle basic file system processing for opening file system,
processing sectors, and directory entries
tsk3/fs/fatfs_dent.c Contains the internal TSK FAT file name processing code
tsk3/fs/fatfs_meta.c Contains the internal TSK FAT file system code to
handle metadata structures
===
TSK3 is command line I believe. (I've not used it.)
TSK3 is included in Sleuthkit, which is a pretty basic gui I believe
plus some wrappers.
Both TSK3 and Sleuthkit are in the more modern GUI: PTK.
http://ptk.dflabs.com/
All of the above is opensource I believe. (I normally use commercial
software for filesystem analysis, so I have not used any of the above.
The only commercial linux filesystem anal. tool that I know of is
"smart". http://www.asrdata.com/forensic-software/smart-for-linux/ I
haven't tried it in years, so I can't say how good/bad it is
currently.)
Greg
More information about the Kernelnewbies
mailing list