Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

The Bottom Line

Interpret the data found in a 32-byte FAT directory record. The FAT filesystem is alive and well. It is the one filesystem that is portable between the popular operating systems, such as Windows, OS X, and Linux. With the rapid growth in thumb drives, various types of flash media, and personal music players, the FAT filesystem will be around for years to come. Many attackers keep their tools and data on thumb drives to keep them portable and hidden from prying eyes.
FAT stores vital filesystem metadata in a structure known as a FAT directory entry. This entry is 32 bytes in length and contains, among other things, the file’s name, length, and starting cluster.
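The following parser is an added example, not code from the book. It decodes one 32-byte entry into its name, length, starting cluster, attributes, and timestamps, and flags deleted and unused entries. The field offsets follow the standard FAT short directory entry layout, and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime

# name, ext, attr, NT reserved, create tenths, create time/date, access date,
# cluster high word, write time/date, cluster low word, file size (32 bytes)
ENTRY = struct.Struct("<8s3sBBBHHHHHHHI")

ATTRS = {0x01: "read-only", 0x02: "hidden", 0x04: "system",
         0x08: "volume-label", 0x10: "directory", 0x20: "archive"}


def dos_datetime(date, time=0):
    """Decode packed FAT date/time words; None if the values are not valid."""
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
    except ValueError:
        return None


def parse_entry(raw):
    if len(raw) != ENTRY.size:
        raise ValueError("a FAT directory entry is exactly 32 bytes")
    (name, ext, attr, _nt, _tenths, ctime, cdate, adate,
     cl_hi, wtime, wdate, cl_lo, size) = ENTRY.unpack(raw)
    if name[0] == 0x00:               # never used; marks the end of the directory
        return {"status": "unused"}
    if attr & 0x3F == 0x0F:           # long-filename fragment, different layout
        return {"status": "long-name"}
    deleted = name[0] == 0xE5         # first name byte overwritten on deletion
    stem = (b"?" + name[1:] if deleted else name).decode("ascii", "replace").rstrip()
    suffix = ext.decode("ascii", "replace").rstrip()
    return {
        "status": "deleted" if deleted else "allocated",
        "name": f"{stem}.{suffix}" if suffix else stem,
        "attributes": [label for bit, label in ATTRS.items() if attr & bit],
        "created": dos_datetime(cdate, ctime),
        "accessed": dos_datetime(adate),  # FAT keeps only a date for last access
        "modified": dos_datetime(wdate, wtime),
        "start_cluster": (cl_hi << 16) | cl_lo,  # high word is meaningful on FAT32
        "size": size,
    }


# Constructed sample: a deleted, hidden file. Not taken from a real case.
SAMPLE = ENTRY.pack(b"\xe5OOLKIT ", b"EXE", 0x22, 0, 0,
                    29637, 16495, 16495, 0, 29637, 16495, 5, 20480)

if __name__ == "__main__":
    for key, value in parse_entry(SAMPLE).items():
        print(f"{key:14}{value}")
```

A deleted entry keeps its starting cluster and length, which is what makes recovery of the file's data possible until those clusters are reused.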
Master It An intrusion has occurred and it is ...
