A Forensics Class project (exFAT)

Probably the worst dilemma for me is when I take a class in school and have to do a term project, especially a paper. Actually doing the paper is not the problem; that goes easily. It is picking the subject and title, i.e. project selection. So, I am in a forensics class at John Jay College in NY, where they have a computing forensics program, and I’m taking a class on Digital Investigation, and we all have to pick a term project, which is a substantial part of the grade. The professor kept talking about a new file system called WinFS, which it seems right now did not become a released file system, although it had been implemented in some other way. But while I was trying to look for WinFS, I hit a site that did file system comparisons and talked about a file system called exFAT/FAT64. So I ran this by the professor as a possible term project and it was accepted. As I started my research I found some interesting things: the specification isn’t really published, and there is little known about the file system internals, so I had a lot of work to do. As I progressed I really got into this project and paper as I dissected and dug deep into the internals of the file organization.

As the paper progressed, I came to realize I had a really great topic, and at a good time, because the popularity of the exFAT file system was going to get a big boost from the SD Card Association with the new SDHC cards and device support. I decided that I would also use this opportunity to do a gold paper assignment for my SANS GCFA certification and go from silver to gold. So the papers that are posted are drafts of the gold paper as I work towards completing those requirements.

For those who are looking for internals on exFAT, the paper provides a good guide into the structure and file organization. I think it can be a good tool for those who need to peek under the covers.

