The default number of sectors per cluster (with FAT12) is
The default number of sectors per cluster (with FAT16) is
The default number of sectors per cluster (with FAT32) is
Layout
A FAT file system is composed of 3 regions (Areas), the
„Reserved Area“ „FAT Area“ „Data Area“
System Area (VBR - Volume Boot Record) - smallest in size. It contains very important information: the address of the FAT table and the data area, the size of the data area, the FAT table and the entire disk, cluster size, the number of clusters.
02/02/2021 |
14 |
Layout
FAT area (less than 1%) includes FAT table of elements, equal to the number of clusters. Each element corresponds to its cluster. FAT element is a 12-bit on FAT12, 16-bit on FAT16 and 32-bit to FAT32.
The FAT area beginns directly after the reserved area and contains one or two FATs. The number of FATs is defined in the VBR.
The size of this area = number of FATs * size of a FAT
A copy of the main table FAT, it is identical. Used to restore if damaged main
The data area contains the actual data (files and directories) which are managed in clusters. The data area starts in first sector after the FAT area.
02/02/2021 |
15 |
Logical Organisation FAT 12/16
Reserved area |
FAT area |
|
Data area |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sektor 0 |
Sektor n |
VBR |
FAT 1 |
FAT 2 |
Root |
Data |
(usually |
|
- These structures are written while formatting the volume. |
||
one sector) |
|
|||
02/02/2021 |
16 |
Logical Organisation FAT 32
Reserved area |
FAT area |
Data area |
|
|
|
|
|
|
|
|
|
Sektor 0 |
Sektor n |
Boot area |
FAT 1 |
FAT 2 |
Data incl. Root |
32++ sectors |
|
|
|
- These structures are written while formatting the volume.
02/02/2021 |
17 |
Layout
To analyze the file system you have to know the start address of each area!
The start addresses of the reserved and FAT area can be taken from the VBR.
The data area is managed in clusters and the start address isn‘t stored in the VBR. It has to be calculated.
02/02/2021 |
18 |
Calculation of the start address of the data area FAT12/16
Reserved Area |
FAT Area |
Data Area |
||
|
|
|
|
|
|
|
|
|
|
FAT 12/16
1 |
1000 |
32 |
Number of sectors in volume (taken from VBR)
sector 1033 = cluster 2
E.g. |
Reserved area |
= 1 sector |
|
FAT area |
= 1000 sectors |
=> |
Root beginns in sector 1001 |
|
The size of the root is calculated by the number of possible entries (taken from VBR, usually in FAT16 systems 512) * number of one entry (32 bytes) => 512*32=16384 bytes /512 (bytes/sector) = 32 sectors
=> Startaddress of Cluster 2 = log. sector 1033
02/02/2021 |
19 |
Calculation of the start address of the data area FAT32
Reserved Area |
FAT Area |
Data Area |
||
|
|
|
|
|
|
|
|
|
|
FAT 32
32 |
|
13374 |
Number of sectors in volume (taken from VBR) |
||
|
|
sector 13406= cluster 2 |
E.g. |
Reserved Area = 32 sectors |
|
FAT Area |
= 13374 sectors |
|
On FAT32 the Root isn´t limited in size and is part of the data. So cluster 2 starts directly after the FAT area. Generally the Root starts after the FAT area. But the real value of startaddress is stored in the VBR (Offset 0x0C)
=> Startaddress of Cluster 2 = log. sector 13406
02/02/2021 |
20 |
The Boot Sector
•First sector of the logical drive
•Contains the BPB (BIOS Parameter Block) which contains all information about the size and structure of the volume
•Contains also the BIOS-signature 0x55AA in the last 2 bytes
•On a FAT32 system there is a copy of the boot sector 6 sectors after the original
8
The Boot Sector
offset |
meaning |
content |
length |
+000hex |
jump to bootcode |
|
3 bytes |
9