Outline 1. FAT12/16/32 ü Introduction ü Internals ü Directory Structure ü Example

FAT12/16/32 File System Twitter : @pr0neer Blog : Email : proneer@gmail.com Kim Jinkook

Outline 1. FAT12/16/32 ü Introduction ü Internals ü Directory Structure ü Example

FAT12/16/32 Introduction Security is a people problem

FAT12/16/32 Introduction FAT (File Allocation Table) MS-DOS 시절부터사용 간단한구조로메모리카드, 디지털카메라, 플래시메모리등에널리사용 FAT12, FAT16, FAT32, (exfat) FAT 뒤의숫자는표현가능한최대클러스터수 000h, 001h, FF6h~FF 로는예약된값 (12 개 ) FAT 형식 최대표현가능한클러스터수 볼륨크기 클러스터크기 FAT12 4,084 (2 12-12) FAT16 65,524 (2 16-12) FAT32 268,435,444 (2 28-12) 32MB 8GB 8GB 16GB 16GB 32GB 32GB - 4 KB 8 KB 16 KB 32 KB FAT 형식에따른최대표현가능한클러스터수 FAT32 에서볼륨크기에따른클러스터크기

FAT12/16/32 Introduction FAT (File Allocation Table) FAT32 용량제한 (268,435,444 클러스터 ) 4 KB 의경우 1 TB 까지표현 32 KB 의경우 8 TB 까지표현 è MBR 구조의제한으로 2 TB 까지만표현가능 exfat (extended FAT) 윈도우 Embedded CE 6.0 부터사용 (Vista 이상은기본지원, XP 는패치설치 ) 클러스터표현비트를 64 비트로확장 비트맵사용 TFAT 지원 UTC (Universal, Coordinated) 지원 è 시간정밀도 10 ms (NTFS : 100 ns)

FAT12/16/32 Internals Security is a people problem

FAT12/16/32 Internals Structure 예약된영역, FAT 영역, 데이터영역 FAT Data FAT 형식예약된영역크기 ( 섹터 ) FAT12 1 FAT16 1 FAT32 32 FAT 형식에따른예약된영역의섹터수

FAT12/16/32 Internals (FAT12/16) FAT Data Boot 1 sector

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors FAT32 (32 sectors) MBR + MBR Slack ( )

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors 0 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 2 8 2 9 3 0 3 1

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors 0 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 2 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 2 8 2 9 3 0 3 1 0, 6 번섹터 : 볼륨부트섹터 (Volume Boot ) 1, 7 번섹터 : File System Information (FSINFO) 구조체 2, 8 번섹터 : 부트스트랩코드 (Boot Strap Code)

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors FAT 형식범위설명 FAT12/16 FAT32 0 2 Jump command to boot code FAT12/16 3 61 FAT32 3 89 BIOS Parameter Block(BPB) FAT12/16 62 509 FAT32 90 509 Boot code Error message FAT12/16 FAT32 510-511 Signature (0x55AA) 부트섹터데이터구조

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Jump Boot Code : 부트코드로점프하기위한명령어 (0xEB5890) EB58 : jmp 0000005A 90 : nop

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type OEM ID : 운영체제버전별 ID Win95 : MSWIN4.0 Win98 : MSWIN4.1 Win2K/XP/Vista : MSDOS5.0 Linux : mkdosfs

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Bytes Per : 섹터당바이트수 Per Cluster : 클러스터당섹터수 Count : 예약된영역섹터수 (FAT12/16 = 1, FAT32 = 32, 가변형 )

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Number of FAT Tables : FAT 테이블수 ( 보통 0x02) Root Directory Entry Count : FAT12/16 에서루트디렉터리가포함하는최대파일수 (FAT12/16=512,FAT32=0) Total 16 : 2 바이트크기의파티션총섹터수 (2 바이트로부족할경우 Total 32 사용 )

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Media Type : 0xF8=fixed disk, 0xF0/F9/FD/FF/FC/FE=floppy, removable FAT Size 16 : FAT12/16 에서 FAT 영역이가지는 2 바이트크기의섹터수 (FAT32=0) s Per Track : 장치의트랙당섹터수 ( 보통 0x3F=63)

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Number of Heads : 장치의헤더수 Hidden s : 파티션시작전섹터의수 Total 32 : 4 바이트크기의파티션총섹터수

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type FAT Size 32 : FAT 하나의영역이가지는 4 바이트크기의섹터수 Ext Flags : 여러개의 FAT 영역을사용할경우설정값 File System Version : 파일시스템의주버전 (major) 과하위버전 (minor)

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster Active FAT Num Flag 4 bit 3 bit 1 bit 8 bit 속성이름크기설명 Active FAT Number 4 bit 활성화시킬 FAT 번호로 0 부터시작 (Flag 값이 1 인경우에만 ) 3 bit 미래를위해예약된영역 Flag 1 bit 0 : 변경내용을모든 FAT 영역에반영 1 : 변경내용을 Active FAT Number 이설정된 FAT 영역에만반영 8 bit 미래를위해예약된영역

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Root Directory Cluster : 루트디렉터리가위치한클러스터값 FAT12/16은고정된위치에루트디렉터리가오지만, FAT32의경우에는정해져있지않음 ( 보통클러스터 2번사용 ) File System Information : FSINFO 구조체가저장된섹터번호 ( 보통 0x01) Backup Boot Record : 백업된부트섹터의위치 ( 보통 0x06)

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Drive Number : BIOS INT13h 드라이브번호 Boot Signature : 확장부트시그니처 ( 보통 0x29) 확장부트시그니처가존재할경우, 시그니처이후에 3 개의부가정보 ( 볼륨 ID, 레이블, 타입 ) 가존재한다는의미

FAT12/16/32 Internals (FAT32) è BIOS Parameter Block 0x00 Jump Boot Code OEM ID Bytes Per Sec Per clus Sec Count 0x10 Num FATs Root Entry Count Total 16 Media FAT Size 16 Per Track Num of Heads Hidden 0x20 Total 32 FAT Size 32 Ext Flags File Sys Version Root Directory Cluster 0x30 File Sys Info Backup Boot Sec 0x40 Drv Num Rese rv1 Boot Sig Volume ID Volume Label 0x50 Volume Label File System Type Volume ID : 볼륨시리얼번호 Volume Label : 볼륨레이블 ( 없을경우 NO NAME ) 볼륨레이블위치 : 부트섹터, 루트디렉터리 File System Type : 파일시스템형식 ( FAT32 )

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors 범위 설명 0 3 Signature (0x41615252) 4 483 Not used 484 487 Signature (0x61417272) 488 491 Number of free clusters 492 495 Next free cluster 496 508 Not used 510-511 Signature (0x55AA) FSINFO (File System Information)

FAT12/16/32 Internals (FAT32) è FSINFO Structure ~ 범위 설명 값 0 3 Signature (0x41615252) 0x41615252 4 483 Not used - 484 487 Signature (0x61417272) 0x61417272 488 491 Number of free clusters 0x00032D70 (208240) 492 495 Next free cluster 0x000048E1 (18657) 496 508 Not used - 510-511 Signature (0x55AA) 0x55AA FSINFO (File System Information)

FAT12/16/32 Internals (FAT32) FAT Data Boot FSINFO (FAT32 only) Boot Strap (FAT32 only) More reserved sectors (FAT32 only) 32 sectors

FAT12/16/32 Internals FAT (FAT32) FAT Data FAT #1 FAT #2 Data

FAT12/16/32 Internals FAT (FAT32) FAT Data Cluster 2 FAT #1 FAT #2 Data 0x0000 0x0010 0x0020 0x0030 0x0040 0x0050 Media Type Partition Status Cluster 2 Cluster 3 Cluster 4 Cluster 5 Cluster 6 Cluster 7 Cluster 8 Cluster 9 Cluster 10 Cluster 11 Cluster 12 Cluster 13 Cluster 14 Cluster 15 Cluster 16 Cluster 17 Cluster 18 Cluster 19 Cluster 20 Cluster 21 Cluster 22 Cluster 23

FAT12/16/32 Internals FAT (FAT32) 0x00000000 : Available 0x?FFFFFFF : End-Of-Marker 0x?FFFFFFF : Bad Cluster FAT Entry 크기 ü FAT12/16 : 2 bytes (256 개 ) ü FAT32 : 4 bytes (128 개 )

FAT12/16/32 Directory Structure Security is a people problem

FAT12/16/32 Directory Structure Data FAT Data FAT File Data File Data Root Directory (Cluster 2) Sub Directory

FAT12/16/32 Directory Structure Data FAT Data FAT File Data File Data Root Directory (Cluster 2) Sub Directory 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size 위치 설명 0 0 File Name or Status Byte 1 7 File Name 8 10 File Extension 11 11 Attributes 12 13 Created (tenths of second) 14 15 Created 16 17 Created 18 19 Accessed 20 21 Starting Cluster High 2 Bytes 22 23 Written 24 25 Written 26 27 Starting Cluster Low 2 Byte 28-31 File Size Status Byte 0xE5 : 삭제된파일 0x00 : 비어있는파일 0xE5 ( 일본간지 ) è 0x05 대신표현

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size Name : 8 바이트의파일이름 영문 : ASCII 로표현 한글 : 한글완성형 공백은 0x20 (ASCII, space) 로표현 Extension : 3 바이트의파일확장자

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size File Attributes : 해당파일의형식 값 의미 설명 0000 0001 (0x01) Read Only 읽기전용파일 0000 0010 (0x02) Hidden File 숨긴파일 0000 0100 (0x04) System File 운영체제시스템파일 0000 1000 (0x08) Volume Label 해당파일의이름이곧볼륨이름루트디렉터리에위치하며시작클러스터는 0 0000 1111 (0x0F) Long File Name 긴파일이름엔트리 0001 0000 (0x10) Directory 디렉터리 0010 0000 (0x20) Archive 일반파일

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size Create (tenths of second) : 파일생성시간 (10 분의 1 초 ) Created (hours, minutes, seconds) : 파일생성시간 ( 시, 분, 초 ) Created : 파일생성날짜 Last Accessed : 마지막접근날짜 Last Written (hours, minutes, seconds) : 마지막수정시간 ( 시, 분, 초 ) Last Written : 마지막수정날짜

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size 날짜표현형식 (October 23, 2010) Year (1980 2107) (0 127) Month (1 12) Day (1 31) 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 날짜 10 진수 16 진수바이너리 23 23 0x17 1 0111 October 10 0x0A 1010 0011 110 1 010 1 0111 2010 30 0x1E 001 1110 0x3D57

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size 시간표현형식 (11:24:30 AM) Hour (0 23) Minute (0 59) Second (0 29) 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 시간 10 진수 16 진수바이너리 30 15 0x0F 0 1111 24 24 0x18 01 1000 0101 1 011 000 0 1111 11 11 0x0B 0 1011 0x5B0F

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size Starting Cluster Hi (2 bytes) : 파일이위치한시작클러스터의상위 2 바이트 Starting Cluster Low (2 bytes) : 파일이위치한시작클러스터의하위 2 바이트

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size File Size : 바이트단위의파일크기 (2 32 = 4,294,967,296 = 4 GB)

FAT12/16/32 Directory Structure Data è Directory Entry 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size 이름 Name Extension 값 PRONEER TXT Attribute 0x20 (Archive, 일반파일 ) Created / Last Accessed Last Written / 2010 년 10 월 20 일 04:17:10 PM 2010 년 10 월 20 일 2010 년 9 월 29 일 05:37:16 PM Starting Cluster 0x000064A5 (25,765) Created 0x000000AA (170)

FAT12/16/32 Directory Structure Data è Directory Entry ( 볼륨이름 ) 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size 볼륨이름 : PRONEER USB 루트디렉터리내첫번째디렉터리엔트리에위치 확장자필드도볼륨이름으로사용 속성과마지막수정시간 ( 볼륨이름설정시간 ) 만빼고나머지필드는사용안함 볼륨이름설정시간을알수있음

FAT12/16/32 Directory Structure Data è Directory Entry ( 한글이름 ) 0x00 Name Extension Attr Rese rved Create Tenths Created 0x10 Created Last Accessed Starting Cluster Hi Last Written Last Written Starting Cluster Low File Size 한글완성형코드값 프 : 0xC7C1 로 : 0xB7CE 니 : 0xB4CF 어 : 0xBEEE

FAT12/16/32 Directory Structure Data è LFN (Long File Name) Entry 0x00 Seq Num Name 1 (Unicode) Attr Rese rved Che Sum 0x10 Name 2 (Unicode) Name 3 (Unicode) 위치 설명 0 0 Sequence Number or Status Byte 1 10 LFN Character 1-5 (Unicode) 11 11 Attributes (0x0F) 12 12 13 13 Checksum 14 25 LFN Character 6-11 (Unicode) 26 27 28 31 LFN Character 12-13 (Unicode)

FAT12/16/32 Directory Structure Data è LFN (Long File Name) Entry 0x00 Seq Num Name 1 (Unicode) Attr Rese rved Che Sum 0x10 Name 2 (Unicode) Name 3 (Unicode) Sequence number / allocation status : 255 자이하의파일이름표현을위해하나이상의 LFN 엔트리사용 1 부터시작하여차례로증가 마지막값은 증가값 0x40 으로순서번호생성 0xE5 : 삭제된 LFN 엔트리 Attribute : LFN 엔트리이므로항상 0x0F 값 Checksum : 파일이름의체크섬값

FAT12/16/32 Directory Structure Data è LFN (Long File Name) Entry 0x00 Seq Num Name 1 (Unicode) Attr Rese rved Che Sum 0x10 Name 2 (Unicode) Name 3 (Unicode) Name 1 : 유니코드 5 문자 Name 2 : 유니코드 6 문자 Name 3 : 유니코드 2 문자 하나의 LFN 엔트리는총유니코드 13 문자표현가능 최대 255 문자할당시 14 개의 LFN 엔트리필요 문자가할당되지않을경우 0xFF 로패딩

FAT12/16/32 Directory Structure Data è LFN (Long File Name) Entry 0x00 Seq Num Name 1 (Unicode) Attr Rese rved Che Sum 0x10 Name 2 (Unicode) Name 3 (Unicode) forensic-proof.hwp LFN 엔트리 짧은이름 (Directory Entry) 의경우짧은이름생성규칙에맞춰 8 바이트이름생성 FORENS~1.HWP 순서번호증가 : 0x01 è 0x42 사용되지않은영역은 0xFF 로패딩

FAT12/16/32 Directory Structure Data è LFN (Long File Name) Entry ( 한글이름 ) 0x00 Seq Num Name 1 (Unicode) Attr Rese rved Che Sum 0x10 Name 2 (Unicode) Name 3 (Unicode) 포렌식프루프닷컴.hwp 유니코드값 포 : U+D3EC 렌 : U+B80C 식 : U+C2DD 프 : U+D504 루 : U+B8E8 프 : U+D504 닷 : U+B2F8 컴 : U+CEF4

FAT12/16/32 Directory Structure Data è Example : Root Directory (Cluster 2)

FAT12/16/32 Example Security is a people problem

FAT12/16/32 Example File Allocation C:\Downloads\proneer.txt (13KB) Cluster Size : 4K FAT 301 302 306 307 302 306 307 ~F8 Data Root Directory Cluster 300 Real Data Downloads 300 proneer.txt 301 ~ ~ 300 301 302 303 304 305 306 307

FAT12/16/32 Example File Deletion C:\Downloads\proneer.txt (13KB) Cluster Size : 4K FAT 301 302 306 307 00 00 00 00 Data Root Directory Cluster 300 Real Data Downloads 300 _roneer.txt 301 ~ ~ 300 301 302 303 304 305 306 307

FAT12/16/32 Example Wasted Analysis MBR 슬랙 FAT32 의예약된영역내의낭비되는섹터 (1, 2, 3, 6, 7, 8 섹터제외 ) FAT32 의예약된영역의추가적인부트코드영역 ( 섹터 3, 8) FSINFO 구조체영역 ( 섹터 2, 7) 의사용되지않는영역 파일슬랙 ( 램슬랙, 드라이브슬랙 ), 파일시스템슬랙, 볼륨슬랙

Quiz! Security is a people problem

Quiz! FAT12/16/32 디렉터리엔트리의크기는? FAT12/16/32 에서각파티션의예약된영역크기는? FAT32 의경우예약된영역에서사용되지않는섹터수는? 파일시간정보의위치는? 파일확장자의위치는? FAT32 의최대표현가능한클러스터수는?

Quiz! FAT12/16/32 예약된영역의부트섹터부트코드의역할은? FDISK 를사용하여포맷할경우의상태및복구방안은? 비할당클러스터판별법은? 삭제된파일및디렉터리판별법은? 덮어써진파일판별법은?

Question & Answer