Authors: Kevin Fairbanks
DFRWS USA 2012
Abstract
This paper presents a low-level study and analysis of Ext4 file system data structures. It includes descriptions of extents, extent trees, directory indexing HTrees, and flex block groups. Currently, data about the file system is scattered with most sources focusing on one particular feature. This paper provides more comprehensive analysis with the forensics community in mind and states some brief implications of the file system behavior with respect to data recovery.