From mboxrd@z Thu Jan 1 00:00:00 1970 From: greg.freemyer@gmail.com (Greg Freemyer) Date: Mon, 20 Dec 2010 10:56:20 -0500 Subject: Any tool under linux to parsing BPB/Bs/FAT table? In-Reply-To: References: Message-ID: To: kernelnewbies@lists.kernelnewbies.org List-Id: kernelnewbies.lists.kernelnewbies.org On Mon, Dec 20, 2010 at 2:45 AM, loody wrote: > Dear all: > I recently trace FS/fat and I want to know is there any utility under > linux that can help us to easily parse BPB/BS or FAT tables? > > appreciate your help, > miloody TSK3 apparently does some FAT analysis/parsing. See this extracted from http://www.sleuthkit.org/sleuthkit/docs/api-docs/files.html === tsk3/fs/fatfs.c Contains the internal TSK FAT file system code to handle basic file system processing for opening file system, processing sectors, and directory entries tsk3/fs/fatfs_dent.c Contains the internal TSK FAT file name processing code tsk3/fs/fatfs_meta.c Contains the internal TSK FAT file system code to handle metadata structures === TSK3 is command line I believe. (I've not used it.) TSK3 is included in Sleuthkit, which is a pretty basic gui I believe plus some wrappers. Both TSK3 and Sleuthkit are in the more modern GUI: PTK. http://ptk.dflabs.com/ All of the above is opensource I believe. (I normally use commercial software for filesystem analysis, so I have not used any of the above. The only commercial linux filesystem anal. tool that I know of is "smart". http://www.asrdata.com/forensic-software/smart-for-linux/ I haven't tried it in years, so I can't say how good/bad it is currently.) Greg