Linux Forensics by Philip Polstra
Author:Philip Polstra [Polstra, Philip]
Language: eng
Format: azw3, epub
Publisher: Pentester Academy
Published: 2015-09-30T04:00:00+00:00
0x400
Metadata Csum
Checksums are used on metadata items
0x800
Replica
The filesystem supports replicas
0x1000
ReadOnly
Should only be mounted as read-only
When the Sparse Superblock feature is in use, the superblock is only found in block group 0 or in block groups that are a power of 3, 5, or 7. If there is at least one file greater than 2 gigabytes on the filesystem, the Large File feature flag will be set. The Huge File feature flag indicates at least one huge file is present. Huge files have their sizes specified in clusters (the size of which is stored in the superblock) instead of data blocks.
The Btree Directory feature allows large directories to be stored in binary-trees. This is not common. Another feature related to large directories is Directory Nlink. When the Directory Nlink flag is set, subdirectories are not limited to 32,768 entries as in previous versions of ext3.
The GDT Checksum feature allows checksums to be stored in the group descriptor tables. The Extra Isize feature flag indicates that large inodes are present on the filesystem. If a filesystem snapshot is present, the Has Snapshot flag will be set. Disk quota use is indicated by the Quota feature flag.
The Big Alloc feature is useful if most of the files on the filesystem are huge. When this is in use, file extents (discussed later in this chapter) and other filesystem structures use multi-block clusters for units. The Metadata Checksum flag indicates that checksums are stored for the metadata items in inodes, etc. If a filesystem supports replicas, the Replica flag will be set. A filesystem with the Read Only flag set should only be mounted as read-only. This flag can be set to prevent others from modifying the filesystem’s contents.
Only two features in the read-only compatible set affect the filesystem layout: Sparse Super Blocks and Extra Isize. Sparse super blocks affect which block groups have superblock backups. Like 64-bit mode, the Extra Isize feature affects the layout indirectly by changing the inode size.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(6516)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(6231)
Machine Learning Security Principles by John Paul Mueller(6202)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(5870)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(5838)
Solidity Programming Essentials by Ritesh Modi(4000)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3643)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3372)
Future Crimes by Marc Goodman(3345)
Mastering Python for Networking and Security by José Manuel Ortega(3344)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3329)
Blockchain Basics by Daniel Drescher(3292)
Learn Computer Forensics - Second Edition by William Oettinger(3139)
Mobile App Reverse Engineering by Abhinav Mishra(2879)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2868)
Incident Response with Threat Intelligence by Roberto Martínez(2857)
The Code Book by Simon Singh(2823)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2779)
Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively by Ashish M Kothekar(2685)
