File |
Allocation |
|
EOF |
4 |
5 |
Table
EOF |
9 |
EOF |
EOF |
11 |
EOF |
EOF |
1 Cluster = 1024 Bytes
|
directory structure |
|
|
||||||
Name |
|
|
Cluster |
Length |
Accessed |
|
Written |
Created |
|
|
|
|
|
|
|
|
|
|
|
. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Test.txt |
|
2 |
|
575 |
15/01/00 |
|
15/01/00 |
15/05/00 |
|
|
|
|
|
|
|
|
|
|
|
Bild1.Gif |
|
|
3 |
|
2560 |
11/08/99 |
|
11/08/99 |
10/05/99 |
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
54
File |
Allocation |
Table |
|
|
|
|
|
|
|
EOF |
4 |
5 |
EOF |
9 |
EOF |
EOF |
11 |
EOF |
EOF |
1 Cluster = 1024 Bytes
directory structure
Name |
Cluster |
Length |
Accessed |
Written |
Created |
.
..
Test.txt |
2 |
|
575 |
15/01/00 |
15/01/00 |
15/05/00 |
|
|
|
|
|
|
|
|
|
Bild1.Gif |
3 |
|
2560 |
11/08/99 |
11/08/99 |
10/05/99 |
|
|
|
|
|
|
|
|
|
Such.Doc |
|
7 |
|
1005 |
15/09/00 |
14/09/00 |
10/08/00 |
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
55
File |
Allocation |
Table |
|
|
|
EOF |
4 |
5 |
EOF |
9 |
EOF |
EOF |
11 |
EOF |
EOF |
1 Cluster = 1024 Bytes
directory structure
Name |
|
Cluster |
Length |
Accessed |
Written |
Created |
|
|
|
|
|
|
|
|
|
. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Test.txt |
2 |
|
575 |
15/01/00 |
15/01/00 |
15/05/00 |
|
|
|
|
|
|
|
|
|
Bild1.Gif |
3 |
|
2560 |
11/08/99 |
11/08/99 |
10/05/99 |
|
|
|
|
|
|
|
|
|
Such.Doc |
7 |
|
1005 |
15/09/00 |
14/09/00 |
10/08/00 |
|
|
|
|
|
|
|
|
|
Report.doc |
|
8 |
|
350 |
01/01/99 |
05/06/98 |
04/06/98 |
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
56
File |
Allocation |
Table |
|
|
|
|
|
|
|
EOF |
4 |
5 |
EOF |
9 |
EOF |
EOF |
11 |
EOF |
EOF |
1 Cluster = 1024 Bytes
directory structure
Name |
Cluster |
Length |
Accessed |
Written |
Created |
.
..
Test.txt |
2 |
|
575 |
15/01/00 |
15/01/00 |
15/05/00 |
|
|
|
|
|
|
|
|
|
Bild1.Gif |
3 |
|
2560 |
11/08/99 |
11/08/99 |
10/05/99 |
|
|
|
|
|
|
|
|
|
Such.Doc |
7 |
|
1005 |
15/09/00 |
14/09/00 |
10/08/00 |
|
|
|
|
|
|
|
|
|
Report.doc |
8 |
|
350 |
01/01/99 |
05/06/98 |
04/06/98 |
|
|
|
|
|
|
|
|
|
Bild2.Gif |
|
|
|
1023 |
19/03/00 |
19/03/00 |
19/03/00 |
|
10 |
|
|||||
57
the FAT will find the rest |
|
|
File |
Allocation |
Table |
|
of the clusters |
9 |
EOF |
EOF |
11 |
EOF |
EOF |
|
||||||
From the directory we get
1 Cluster = 1024 Bytesthe starting cluster in the FAT
Name |
Cluster |
Length |
Accessed |
Written |
Created |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
. |
|
|
|
|
|
|
|
|
|
How many |
|
|
|
.. |
|
|
|
|
|
|
|
|
|
cluster are |
|
|
|
Test.txt |
2 |
|
575 |
|
15/01/00 |
|
needed? |
|
|
||||
|
|
|
|
|
|
|
|
|
|
|
|
||
Bild1.Gif |
3 |
|
2560 |
|
11/08/99 |
|
|
|
|
|
|||
|
|
|
|
|
|
|
|||||||
|
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Such.Doc |
7 |
|
1005 |
|
15/09/00 |
|
14/09/00 |
10/08/00 |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Report.doc |
8 |
|
350 |
|
01/01/99 |
|
05/06/98 |
04/06/98 |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Bild2.Gif |
10 |
|
1023 |
|
19/03/00 |
|
19/03/00 |
19/03/00 |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Test1.txt |
|
6 |
|
|
|
2575 |
|
15/11/00 |
|
15/11/00 |
15/11/00 |
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
58
Creation of a file
During the file creation process the PC does 3 actions:
•A file entry with the needed information will be created
•In the FAT, an entry will be created which corresponds to the starting cluster from the file entry
•The data is written
59
Deleting files in the FAT
1.First symbol the file name in the Root Directory is replaced by the value of E5.
2.The chain of clusters in the FAT table is cleared. Instead cluster numbers entered value 00 - cluster are marked as free.
In the root directory remain the file name (without the first symbol), his attribute, a reference to the number of the first cluster of the file.
3.The operating system makes to the record of the new file in the root directory. Further information is recorded on a new free cluster
The algorithm of file recovery
1.Determine the number of the first cluster of the file from the root directory
2.Restore the chain of clusters that file
File recovery scenario А 56 
57 
58 
59 
60 
61
B 56 
57 
58 
59 
60 
61
first cluster – 56 Size of file – 7094 B
Size of cluster – 2048 B Number clusters for file - 4
C |
56 |
57 |
58 |
59 |
60 |
61 |
|
|
|
|
|
|
|
Information from the first 4 free clusters is restored
•file will be restored without errors
•file will be restored without errors. we must understand that the
cluster 57 and 60 relate to another file (from FAT)
•If the cluster 57 is the information from the other deleted file recovery is with errors
Free cluster
Cluster of file
busy cluster