SANSforensics: Understanding EXT4 (Part 1): Extents

Digital Evidence Digital Forensics SANS SANSforensics EXT4

EXT4 is a next generation file system replacement for the EXT2/EXT3 family of Linux file systems. It was accepted as "stable" in the Linux 2.6.28 kernel in October 2008[1]. As of this writing, it's starting to appear as the default file system in newer versions of several Linux distros. While the developers did try to maintain some degree of backwards compatibility with EXT2/EXT3, there is quite a bit that's new and different with EXT4. Popular forensic tools like the Sleuthkit are not fully compatible with these changes in EXT4, although some of their functionality does still work.

Full Story

Member Log-In

Remember Me

Smart Search

DME Resources Newsletter

Sign-up for the DME Resources"I may occasionally send an email" newsletter. Maybe quarterly? Semi-annually?

Well, what I can tell you is that your information will not be shared. See my Privacy Policy.

NOTE: Members of my site are NOT auto-subscribed or un-subscribed from this newsletter; they must manually Opt-In/Out.

Subscribe Today!

Who Doesn't Love Cookies?
DME Resources may place one or more Cookies on your computer. Cookies do not contain any personally identifying information, they allow me to customize my site based on your preferences. If you Decline cookies from my site, you may not be able to use all of the site's features.
Accept Cookies Decline Cookies