On Mon, Dec 20, 2010 at 2:45 AM, loody <miloody@xxxxxxxxx> wrote: > Dear all: > I recently trace FS/fat and I want to know is there any utility under > linux that can help us to easily parse BPB/BS or FAT tables? > > appreciate your help, > miloody TSK3 apparently does some FAT analysis/parsing. See this extracted from http://www.sleuthkit.org/sleuthkit/docs/api-docs/files.html === tsk3/fs/fatfs.c Contains the internal TSK FAT file system code to handle basic file system processing for opening file system, processing sectors, and directory entries tsk3/fs/fatfs_dent.c Contains the internal TSK FAT file name processing code tsk3/fs/fatfs_meta.c Contains the internal TSK FAT file system code to handle metadata structures === TSK3 is command line I believe. (I've not used it.) TSK3 is included in Sleuthkit, which is a pretty basic gui I believe plus some wrappers. Both TSK3 and Sleuthkit are in the more modern GUI: PTK. http://ptk.dflabs.com/ All of the above is opensource I believe. (I normally use commercial software for filesystem analysis, so I have not used any of the above. The only commercial linux filesystem anal. tool that I know of is "smart". http://www.asrdata.com/forensic-software/smart-for-linux/ I haven't tried it in years, so I can't say how good/bad it is currently.) Greg _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
