FAT32 Filesystem Archaeology
A while back I bought Dad an iRiver E150 so he could make audio recordings of my grandparents. It’s quite a nice little device and had been doing a fairly good job for a few months, but then all of a sudden some of the recordings wouldn’t play.
To cut a long and boring story short, I eventually discovered that the device had simply overwritten some of the recordings with others, ie. no I/O errors or anything nasty, just a software bug.
In the process I looked around for tools to examine FAT filesystems, and didn’t find much. If anyone knows of any I’d love to hear about them. In the absence of a proper tool I bodged up some code to do what I needed – and only what I needed.
I’ve thrown the code up in case anyone else finds themselves in a similar predicament. The idea is you dd the data off and point the code at it and examine it, it’s read only. It can dump the FAT, show you orphan clusters (with no dentry pointing at them), search for a value, and save clusters or cluster chains.
Massive thanks to the Wikipedia page on FAT.
Posted by mike on Friday February 17th, 2012, tagged with linux, plau