Understanding Filesystems (ext4, NTFS)

Cyber Security Mastery: From Zero to Hero

How Data is Stored and Managed

The filesystem is the structure an operating system uses to manage storage and retrieve data. Different operating systems use different standards, which is important for forensics and cross-OS compatibility.

Linux Filesystems: ext4

  • Default: ext4 is the current standard for most Linux distributions.
  • Features: Journaling (improves recovery), large file support, robust permissions structure.

Windows Filesystems: NTFS

  • Default: New Technology File System (NTFS).
  • Features: Access control lists (ACLs), encryption, and compression, all of which are crucial in Windows environments.
  • Forensics Note: Analyzing data on a Windows target often requires understanding the NTFS structure and its metadata.

Mounting

In Linux, you must 'mount' a filesystem (like a USB drive or a Windows partition) to a specific directory path before you can access its contents. This is a crucial concept when performing data extraction during a penetration test or forensic investigation.
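
For forensic work the mount should be read-only. The following is an added example, not part of the course material: it identifies an ext or NTFS partition image from its on-disk signature and prints (does not run) a read-only mount command. The function names and the `/mnt/evidence` mount point are assumptions, and the sample images are constructed.

```shell
#!/bin/sh
# Added example: detect ext2/3/4 vs NTFS from on-disk signatures, then print
# a read-only mount command for an examiner to review and run as root.

# Read $3 bytes at byte offset $2 of file $1 as lowercase hex.
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Echo "ext", "ntfs" or "unknown" for a raw partition image.
detect_fs() {
    img=$1
    # NTFS: OEM ID "NTFS" plus four spaces at offset 3 of the boot sector.
    if [ "$(read_hex "$img" 3 8)" = "4e54465320202020" ]; then
        echo ntfs; return
    fi
    # ext2/3/4: superblock starts at byte 1024; s_magic 0xEF53 is stored
    # little-endian at superblock offset 56 (absolute offset 1080).
    if [ "$(read_hex "$img" 1080 2)" = "53ef" ]; then
        echo ext; return
    fi
    echo unknown
}

# Echo the mount command. /mnt/evidence is an assumed mount point.
# noload stops ext4 replaying its journal, which would otherwise write to
# the image even with ro. The magic cannot tell ext2/3/4 apart.
ro_mount_cmd() {
    case "$(detect_fs "$1")" in
        ext)  echo "mount -t ext4 -o ro,noload,loop,noexec,nodev,nosuid $1 /mnt/evidence" ;;
        ntfs) echo "mount -t ntfs-3g -o ro,loop,noexec,nodev,nosuid $1 /mnt/evidence" ;;
        *)    echo "unknown filesystem: $1" >&2; return 1 ;;
    esac
}

# Constructed sample images: zero-filled, with only the signature bytes set.
demo() {
    d=$(mktemp -d)
    dd if=/dev/zero of="$d/ext.img" bs=1024 count=4 2>/dev/null
    printf '\123\357' | dd of="$d/ext.img" bs=1 seek=1080 conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$d/ntfs.img" bs=1024 count=4 2>/dev/null
    printf 'NTFS    ' | dd of="$d/ntfs.img" bs=1 seek=3 conv=notrunc 2>/dev/null
    ro_mount_cmd "$d/ext.img"
    ro_mount_cmd "$d/ntfs.img"
    rm -rf "$d"
}
demo
```

Work on a copy of the acquired image rather than the original, and compare its hash before and after mounting to confirm nothing was written.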