respond-to-two-digital-forensics-discussion-posts

1) The New Technology File System (NTFS) is a file system created by Microsoft and commonly used by Windows operating systems. In comparison to FAT file systems, NTFS holds several advantages. One major advantage NTFS holds over FAT file system involves the ability to set file permissions and utilize encryption (Irene, 2019). These two features provide NTFS a security advantage over FAT file systems which do not support either features. NTFS partitions can support a total of 16EB, while FAT partitions do not support sizes larger than 8TB, where a maximum of 2TB are recognized by Windows systems (University of Wisconsin-Madison, n.d.). FAT file systems limit the maximum size of a single file. In the case of a FAT32 file system, the maximum support size for a single file is 4GB. This restriction can be problematic in modern operating systems where files can easily exceed this limit.

Journaling is used by file systems to record pending updates to a log prior to saving the updates to the file system, allowing for faster recovery after a system crash (Prabhakaran, Arpaci-Dusseau, A., & Arpaci-Dusseau, R, n.d.). Using journaling allows for a system that experienced an unclean shutdown to replay the contents of the journal once the system is up. This allows for the system to verify the data on disks and use the information within the journal to possibly return the system to a state prior to the shutdown.

2) Removable media are system components that inserted into and removed from a computer system which are utilized to store files. They can be seen in the form of solid state (e.g. USB thumb drives; SD cards), optical (e.g. CDs; DVDs), or magnetic devices (e.g. external hard drives; floppy disks). Removable media devices are often used for backup of files and portable storage solutions. Additionally, removable media devices may be removed from the computer system without powering off the system, which gives them an advantage over more traditional storage solutions.

Typically, removable media drives such as USB flash drives, SD cards, and external hard drives, seem to be formatted using the FAT32. To understand why this is the case, it’s easiest to explain why Microsoft created NTFS as a replacement for FAT32 in the first place:

1. FAT32 only supports a maximum file size of 4GB and a maximum volume size of 2 TB. NTFS has much higher limits than this.
2. The FAT32 file system is not capable of journaling. This means that there is a much greater potential for the file system to corrupt. Conversely, NTFS logs all changes to a journal on the drive before the changes are made, so it could recover more effectively if there is an issue during the file-writing process.
3. Permissions are not supported in FAT32 file systems. NTFS is capable of implementing file permissions which enable increased file security.

These three points demonstrate that NTFS is a superior file system to FAT32. So why then is removable media usually formatted with the FAT32 file system? Well, most of the shortcomings of FAT32 that NTFS solves are not problems on removable drives. USB flash drives and SD cards are definitely under the 2 TB limitation of FAT32. They don’t need journaling, and having a journaling feature would actually just increase the amount of writes to the drive which could reduce its life. Additionally, USB flash drives and SD cards generally do not need file permissions and it could potentially cause issues if they did because removeable drives are generally accessed on different computers/user accounts.