File systems of Windows, Linux, and Mac operating systems
The objective for this assignment is to “Compare and contrast various file systems of Windows, Linux, and Mac operating systems with a suitable example each.”
Comparison of File Systems (Wikipedia, 2012) lists 102 different file systems that have been in production use on widely-used computing platforms since 1964. Back when the dinosaurs roamed the earth, I personally used TOPS-10, RT-11, CP/M, the original FAT, Apple and Commodore DOSs (as well as TRS CAS and TRSDOS which are not even listed by Wikipedia), and I have used many other file systems since.
A digital forensic investigator is likely to encounter the most common file systems currently in use, which are NTFS for Windows systems, ext4 for Linux systems, and APFS for macOS systems. All three operating systems also support variations of FAT as well as the most common CD, DVD, and tape formats. A forensic investigator needs to be prepared to extract digital evidence from any of these formats.
NTFS, the New Technology File System, was developed by Microsoft beginning in 1993 to eventually become the native file system for the Windows family of operating systems and to provide security and reliability features that had been lacking in the previously dominant File Allocation Table (FAT) file systems. The goals of NTFS are to provide “reliability, which is especially desirable for high-end systems and file servers, a platform for added functionality” and “support POSIX requirements” (Microsoft: Deland-Han, 2020). Self-healing NTFS was also introduced in 2008 (Gerend, 2020). NTFS stores files in a B-tree structure. A volume begins with a volume boot record (VBR), which then references the master file table (MFT). The MFT references the special metafiles (for example, $Volume is information about that volume, $MFT indexes all files, $MFTMirr is a backup of the $MFT, $LogFile implements journaling and logging, $VBR references the volume boot record, and so on) (Wikipedia, 2021).
The Fourth Extended File System (ext4), the latest stable evolution of the ext family of journaled file systems, was merged into the stable Linux 2.6.28 kernel in 2008. Features include backward compatibility with previous file systems, large file system capability (up to one exbibyte), file extents, persistent and delayed allocation, unlimited subdirectories, journaling and metadata checksums, improved timestamping, transparent encryption, and faster file system checking (Wikipedia, 2021 and EC-Council, 2021).
The Apple File System (APFS) became the standard file system for macOS High Sierra (10.13) and newer as of 2017. Although our course text makes the specious claim that it cannot be used for HDD, this is false; there are use cases for which APFS is not ideal, of course, but in general, many Mac users can and do use APFS on mechanical hard disk drives on a routine basis. APFS uses the GPT partitioning scheme, with the top-level partitions being known as Containers. Each container can contain logical volumes that share the space within their container. To protect system integrity in macOS Catalina (10.15) and newer, boot volumes are implemented as paired volume groups, including one volume that has system files that is read-only in normal use and a paired data volume that is read-write (although still subject to normal security protections) (Hoakley, 2019); the paired volumes appear as one in the GUI utilities, but appear as distinct entities in the command line and in some third-party utilities such as Carbon Copy Cloner. The APFS structure includes the container superblock (metadata about the number and characteristics of the block structure), the checkpoint superblock descriptor (data about metadata structures), and the bitmap (tracks block usage). As file system data is moved from CPU to storage, a checkpoint is created, represented by a checkpoint superblock. The most recent checkpoint superblock is the main superblock and refers to the previous checkpoint superblock. The volume superblock contains data about the volume: the file and extents B-trees catalog files, folders, and the additional parts of files. APFS also incorporates snapshots and checkpoints, enabling restore points (EC-Council, 2021).
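As an added example (not part of the original essay or its cited sources), the following Python function shows how an examiner can tell the three file systems apart from the first bytes of a partition image, and how the NTFS VBR points to the MFT. The function and sample-builder names are hypothetical, the sample images are constructed, the field offsets come from the published on-disk layouts rather than from this essay, and the ext2/ext3/ext4 distinction by feature flags is a heuristic.

```python
import struct

EXT_SB = 1024  # ext2/3/4 superblock starts 1024 bytes into the partition

def identify_fs(img: bytes) -> dict:
    """Identify NTFS, ext2/3/4 or APFS from the start of a partition image."""
    # NTFS: OEM ID at offset 3 of the volume boot record (VBR).
    if len(img) >= 512 and img[3:11] == b"NTFS    ":
        bytes_per_sector, = struct.unpack_from("<H", img, 0x0B)
        sectors_per_cluster = img[0x0D]  # assumes the plain unsigned encoding
        mft_lcn, mirr_lcn = struct.unpack_from("<QQ", img, 0x30)
        cluster = bytes_per_sector * sectors_per_cluster
        # The VBR stores the $MFT and $MFTMirr locations as cluster numbers.
        return {"fs": "NTFS", "cluster_size": cluster,
                "mft_offset": mft_lcn * cluster,
                "mftmirr_offset": mirr_lcn * cluster}
    # APFS: container superblock magic follows the 32-byte object header.
    if len(img) >= 48 and img[32:36] == b"NXSB":
        block_size, block_count = struct.unpack_from("<IQ", img, 36)
        return {"fs": "APFS", "block_size": block_size,
                "block_count": block_count}
    # ext family: 16-bit magic 0xEF53 at offset 0x38 of the superblock.
    if len(img) >= EXT_SB + 0x64 and img[EXT_SB + 0x38:EXT_SB + 0x3A] == b"\x53\xef":
        compat, incompat = struct.unpack_from("<II", img, EXT_SB + 0x5C)
        # Heuristic: extents flag -> ext4, journal flag only -> ext3.
        name = "ext4" if incompat & 0x40 else "ext3" if compat & 0x04 else "ext2"
        return {"fs": name}
    return {"fs": "unknown"}

# Constructed sample images (not real evidence), just large enough to parse.
def sample_ntfs() -> bytes:
    vbr = bytearray(512)
    vbr[3:11] = b"NTFS    "
    struct.pack_into("<HB", vbr, 0x0B, 512, 8)       # 512 B sectors, 8 per cluster
    struct.pack_into("<QQ", vbr, 0x30, 786432, 2)    # $MFT and $MFTMirr LCNs
    return bytes(vbr)

def sample_ext4() -> bytes:
    img = bytearray(2048)
    struct.pack_into("<H", img, EXT_SB + 0x38, 0xEF53)
    struct.pack_into("<II", img, EXT_SB + 0x5C, 0x04, 0x40)  # journal + extents
    return bytes(img)

def sample_apfs() -> bytes:
    img = bytearray(4096)
    img[32:36] = b"NXSB"
    struct.pack_into("<IQ", img, 36, 4096, 1000)
    return bytes(img)

if __name__ == "__main__":
    for make in (sample_ntfs, sample_ext4, sample_apfs):
        print(make.__name__, identify_fs(make()))
```

The input must be the start of a partition (for APFS, the GPT partition holding the container), not the start of the whole disk, and should be read from a write-blocked image rather than live media.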
In addition to NTFS, file systems usable by currently supported versions of Windows are FAT12, FAT16, FAT16B, FAT16X, FAT32, FAT32X, exFAT, UDF, ISO 9660, Joliet CDFS, ZFS, and ReFS. Other file systems are accessible with the use of third-party software.
In addition to ext4, file systems usable by currently supported versions of Linux are ext2, ext3, BeeGFS, V7FS, GFS, NOVA, Lustre, F2FS, ReiserFS, SpadFS, OCFS, OCFS2, XFS, JFS, VxFS, Fossil, Rock Ridge, SquishFS, HPFS, UFS2, FAT12, FAT16, FAT16B, FAT16X, FAT32, FAT32X, UDF, ISO 9660, Joliet CDFS, Apple HFS, Btrfs, NILFS, and ZFS. Other file systems are accessible with the use of third-party software.
In addition to APFS, file systems usable by currently supported versions of macOS are Apple HFS+, FAT12, FAT16, FAT16B, FAT16X, FAT32, FAT32X, exFAT, FFS, UFS1, Fossil, Rock Ridge, UFS2, UDF, ISO 9660, Joliet CDFS, and NTFS (read-only). Other file systems are accessible with the use of third-party software.
References
Afonin, A. (2021, September 3). Inside NTFS: Files in the NTFS system. Hetman Software. https://hetmanrecovery.com/recovery_news/ntfs-file-system-structure.htm
Afonin, A. (2021, September 3). Inside FAT: File search. Hetman Software. https://hetmanrecovery.com/recovery_news/inside-fat-data-recovery-algorithm.htm
Apple. (2018, April 9). File system details. Apple Developer. https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemDetails/FileSystemDetails.html
Apple. (2018, April 9). File system basics. Apple Developer. https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemOverview/FileSystemOverview.html
Apple. (2021). Partition schemes are available in Disk Utility on Mac. Apple Support. https://support.apple.com/guide/disk-utility/partition-schemes-disk-utility-mac-dsku1c614201/20.0/mac/11.0
Apple. (2021). File system formats are available in Disk Utility on Mac. Apple Support. https://support.apple.com/guide/disk-utility/file-system-formats-available-in-disk-utility-dsku19ed921c/mac
Ariel. (2021, June 8). Ext4 vs. NTFS vs. HFS+: Differences and which one should you use. MiniTool. https://www.partitionwizard.com/partitionmagic/ext4-vs-ntfs-vs-hfs.html
Bell, K. (2017, March 31). Everything you need to know about the new Apple file system. Cult of Mac. https://www.cultofmac.com/435718/apfs-new-apple-file-system/
Bruno, L., & Sengupta, S. (2017, December 15). Windows file systems. Microsoft TechNet. https://social.technet.microsoft.com/wiki/contents/articles/5375.windows-file-systems.aspx
Deland-Han. (2020, December 7). Overview of FAT, HPFS, and NTFS file systems. Developer tools, technical documentation, and coding examples. https://docs.microsoft.com/en-us/troubleshoot/windows-client/backup-and-storage/fat-hpfs-and-ntfs-file-systems
EC-Council. (2020). Certified Ethical Hacker (CEH) Version 11 eBook w/ iLabs (Volumes 1 through 4). [VitalSource Bookshelf 9.2.1]. Retrieved from vbk://9781635675160
EC-Council. (2021). Computer Hacking Forensics Investigator (CHFI) Version 10, 10th Edition. [VitalSource Bookshelf 9.2.1]. Retrieved from vbk://9781635676969
Fisher, T. (2020, July 20). What file systems are and common ones in use today. Lifewire. https://www.lifewire.com/what-is-a-file-system-2625880
Gawatu. (n.d.). Resilient file system (Refs) overview. Developer tools, technical documentation, and coding examples. https://docs.microsoft.com/en-us/windows-server/storage/refs/refs-overview
Gerend, J. (2020, September 30). NTFS overview. Developer tools, technical documentation, and coding examples. https://docs.microsoft.com/en-us/windows-server/storage/file-server/ntfs-overview
Hoakley. (2019, December 18). Making sense of disk utility and disk structure in macOS 10.13–10.15. The Eclectic Light Company. https://eclecticlight.co/2019/12/18/making-sense-of-disk-utility-and-disk-structure-in-macos-10-13-10-15/
Hoffman, C. (2017, October 10). APFS explained: What you need to know about Apple’s new file system. How-To Geek. https://www.howtogeek.com/327328/apfs-explained-what-you-need-to-know-apples-new-file-system/
Kim, D. (2016). Fundamentals of Information Systems Security, 3rd Edition. [VitalSource Bookshelf 9.2.1]. Retrieved from vbk://9781284128567
Linda. (2020, August 20). Introduction to Linux file system [Structure and types]. MiniTool. https://www.partitionwizard.com/partitionmagic/linux-file-system.html
LSoft Technologies, Inc. (n.d.). NTFS overview. NTFS.com — Data Recovery Software, File Systems, Hard Disk Internals, Disk Utilities. https://www.ntfs.com/ntfs_basics.htm
Microsoft. (2017, May 4). NTFS overview. Developer tools, technical documentation, and coding examples. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn466522(v=ws.11)
Mikben. (n.d.). File system functionality comparison. Developer tools, technical documentation, and coding examples. https://docs.microsoft.com/en-us/windows/win32/fileio/filesystem-functionality-comparison
Paragon. (n.d.). Microsoft NTFS for Mac. Paragon Software Group. https://www.paragon-software.com/home/ntfs-mac/
Sarra, A. (2020, September 16). NTFS file streams — What are they? Stealthbits Technologies. https://stealthbits.com/blog/ntfs-file-streams/
SoftAmbulance. (n.d.). History of NTFS filesystem. SoftAmbulance: Recover lost Disks, Photos, Partitions, Emails, Video, and Databases. https://softambulance.com/faq/ntfs/filesystem_history.php
Stavniychuk, D. (2018, November 2). APFS: The most useful features in the new Apple file system. MacPaw. https://macpaw.com/how-to/apfs-macos-file-system
Wayne, S. (2021, July 5). Learn everything about the new Apple file system (APFS) in this information. Recoverit — Ultimate Data Recovery Solutions for Windows/Mac. https://recoverit.wondershare.com/mac-data-recovery/apfs-new-apple-file-system.html
Wikipedia. (2021, June 23). Apple file system. Wikipedia, the free encyclopedia. https://en.wikipedia.org/wiki/Apple_File_System
Wikipedia. (2021, June 22). Comparison of file systems. Wikipedia, the free encyclopedia. Retrieved July 15, 2021, from https://en.wikipedia.org/wiki/Comparison_of_file_systems
Wikipedia. (2021, May 25). ext4. Wikipedia, the free encyclopedia. https://en.wikipedia.org/wiki/Ext4
Wikipedia. (2021, July 4). NTFS. Wikipedia, the free encyclopedia. https://en.wikipedia.org/wiki/NTFS