
Analysis method, terminal device and storage medium of XFS file system including deleted files

A file system and file deletion technology, applied in the field of file analysis, that addresses problems such as low efficiency, loss of the pointers to INODE node information, and the inability to restore deleted files, and provides effective technical support.

Active Publication Date: 2022-07-15
XIAMEN MEIYA PICO INFORMATION

AI Technical Summary

Problems solved by technology

When a file is deleted, the node organization of the B+ tree is adjusted: the INODE node information that stores the deleted file loses the pointer that referenced it, so the deleted file's information can no longer be indexed normally. Traditional analysis methods can therefore parse only normal files and cannot recover deleted files.
The recovery tools currently on the market can only parse normal files or restore deleted files through full-disk fragment scanning, but full-disk fragment scanning is inefficient and cannot guarantee a complete directory structure for the recovered files.


Examples


Embodiment 1

[0035] The XFS file system consists of superblocks and AGs (Allocation Groups), as shown in Figure 1. Each AG consists of a series of blocks, which are the smallest allocation unit of the XFS file system. The superblock contains information such as the block size, the INODE node size, the sector size, and the number of blocks contained in the file system (TOTALBLOCKNUMBER). The beginning of each AG records the number of blocks in the AG, the number of allocated INODE nodes, the position of the B+Tree root node, the B+ tree level, and so on, as shown in Figure 2.

[0036] The "B+Tree root node position" in the AG header locates the root node of the B+Tree that manages the INODE node groups, and the leaf nodes of the B+Tree store pointers to the INODE node groups. A leaf node (occupying one block) consists of a block header and INODE group pointer records, where the block header stores information such as the block identifier, the number of leaf node levels, left node informat...

Embodiment 2

[0060] The present invention also provides a terminal device for parsing an XFS file system containing deleted files, including a memory, a processor, and a computer program stored in the memory and runnable on the processor. When the processor executes the computer program, the steps of the method embodiment described in Embodiment 1 of the present invention are implemented.


Abstract

The invention relates to a method for parsing an XFS file system containing deleted files, a terminal device and a storage medium. The method includes: parsing the file system according to the organizational structure of the XFS file system while ignoring the "allocated INODE number" during parsing, and directly using the block header identifier, combined with structure matching rules and verification algorithms for the INODE group pointer records, to identify the key structures of the file system's metadata area and obtain all metadata information, thereby parsing both normal and deleted files. The invention provides a solution for rapidly parsing normal and deleted files in the XFS file system and provides effective technical support for rapid, in-depth analysis in electronic data forensics, which is of great significance.
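An added example (not code from the patent) of the identifier-plus-validation idea in the abstract: every block of an AG is tested for the inode B+tree identifier and its records are checked structurally, instead of relying on the AG header's root pointer and allocated-INODE count. It assumes the XFS v4 short-form leaf layout (`IABT` magic, 16-byte records); the validation rules, function names and sample image are constructed for illustration and are not the patent's own rules.

```python
import struct

HDR = struct.Struct(">4sHHII")  # magic, level, numrecs, leftsib, rightsib
REC = struct.Struct(">IIQ")     # startino, freecount, free-inode bitmask
CHUNK = 64                      # inodes described by one record
NULLAGBLOCK = 0xFFFFFFFF        # "no sibling" marker

def valid_records(blk, numrecs, inodes_per_block, max_agino):
    """Apply structural checks (assumed rules) to each record; start inodes or None."""
    starts, prev = [], -1
    for i in range(numrecs):
        startino, freecount, free = REC.unpack_from(blk, HDR.size + i * REC.size)
        if (startino % inodes_per_block or startino + CHUNK > max_agino
                or startino <= prev or bin(free).count("1") != freecount):
            return None
        starts.append(startino)
        prev = startino
    return starts

def scan_inobt_leaves(ag, block_size, inodes_per_block):
    """Find inode B+tree leaf blocks by signature, without following the AG header."""
    ag_blocks = len(ag) // block_size
    max_recs = (block_size - HDR.size) // REC.size
    found = {}
    for bno in range(ag_blocks):
        blk = ag[bno * block_size:(bno + 1) * block_size]
        magic, level, numrecs, left, right = HDR.unpack_from(blk)
        if magic != b"IABT" or level != 0 or not 0 < numrecs <= max_recs:
            continue
        if any(s != NULLAGBLOCK and s >= ag_blocks for s in (left, right)):
            continue
        starts = valid_records(blk, numrecs, inodes_per_block, ag_blocks * inodes_per_block)
        if starts is not None:
            found[bno] = starts
    return found

def leaf(recs, block_size=4096):
    """Build a constructed leaf block from (startino, free_bitmask) pairs."""
    body = b"".join(REC.pack(s, bin(f).count("1"), f) for s, f in recs)
    hdr = HDR.pack(b"IABT", 0, len(recs), NULLAGBLOCK, NULLAGBLOCK)
    return (hdr + body).ljust(block_size, b"\0")

def sample_ag():
    """Constructed 64-block AG: live leaf (3), orphaned leaf (9), decoy (12)."""
    blocks = [bytes(4096)] * 64
    blocks[3] = leaf([(64, 0), (128, 0xFF)])
    blocks[9] = leaf([(512, 2**64 - 1)])   # all 64 inodes free: chunk of deleted files
    blocks[12] = leaf([(1000, 0)])         # magic matches, record fails the checks
    return b"".join(blocks)
```

Calling `scan_inobt_leaves(sample_ag(), 4096, 16)` reports blocks 3 and 9 and rejects block 12, whose identifier matches but whose record is misaligned and out of range.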

Description

Technical field

[0001] The invention relates to the field of file parsing, in particular to an XFS file system parsing method, terminal device and storage medium containing deleted files.

Background

[0002] XFS is a high-performance journaling file system, which was officially ported to the Linux kernel in 2000 with its excellent large file processing capabilities. The XFS file system has strong scalability and robustness, and has a strong guarantee for data security. It is currently widely used on Linux systems. The CentOS series has used XFS as the default file system since version 7.0. In the process of electronic data forensics (especially server forensics), the XFS file system is often encountered, and the depth of analysis of the XFS file system by the forensics tool directly affects the forensic effect.

[0003] The XFS file system stores file metadata in the form of INODE node groups, and the INODE node groups are organized in the form of trees, and the l...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F16/16, G06F16/18
CPC: G06F16/162, G06F16/1815
Inventor 沈长达雷鹏程杜新胜蓝朝祥
Owner XIAMEN MEIYA PICO INFORMATION