hi basically i have a couple of questions. I have an image of a thumb drive. I have gone through the image extracting information from the file allocation table until i have all of the files saved as strings. Basically i would like to progress from this stage to reconstrcuting the directory structure to the way that it would have been on the thumb drive. Can anyone help me with reconstructing directory structures from memory?
any resources/ websites would be much appreciated
thanks
Jump to Postpretty simple really, just call mkdir() for each directory in the tree.
Jump to PostCreateDirectory or mkdir can certenly create the directory.
Do you just want to craete the dir structure? Howz about attibutes like hidden or read only? Also security atrribute?
Seems it is a good amount of work...
Jump to PostAlso check out the boost filesystem functions
pretty simple really, just call mkdir() for each directory in the tree.
CreateDirectory or mkdir can certenly create the directory.
Do you just want to craete the dir structure? Howz about attibutes like hidden or read only? Also security atrribute?
Seems it is a good amount of work...
i would like to basically recreate what the thumb drive looks like to the user, from the image file i obtained, reconstructing the directory structure and all of the files it contains. I think its called parsing? (could be wrong there tho). Ive looked for information on this topic but i cant find anywhere so im just sort of blagging it a bit and hoping im on the right direction. I'm guessing its gunna be a lot of work, it took ages just to work out the bits of the file allocation table and creating the calculations to find the files.
Even general information on parsing FAT would also be appreciated!!
thanks for the help!
> I have gone through the image extracting information from the file allocation table
So you have a list of filenames and directories then?
It seems odd that you can figure the intricacies of the internal format of FAT, yet can't call an API function to create a few directories.
AD pretty much nailed it in post #2.
Writing to a new FAT file system is considerably easier than the "forensic" investigation you did to read the old data in the first place.
yer buts thats because i work in forensics and im new to C++ programming. I understand file systems fine, i just wanted to create a program to display it. Its the programming im rubbish at and trying to improve at.
Can you explain what you mean by "writing to a new FAT file system"?
Is there an easyier way of doing what im trying to achieve?
thanks
>>Is there an easyier way of doing what im trying to achieve?
You never said what you are trying to achieve other than creating directories. How much easier do you want it to get anyway, just call mkdir() for each of the directory names.
ah right sorry, that was my fault, my last post was off topic. I meant in terms of parsing the FAT to redisplay its contents. I wondered if there was an easier way of doing this than going through the file allocation table and working out where all the directory entries are stored. sorry i didn't explain very well in my last post.
I get the directory structure help, much appreciated.
thanks
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.
