1
00:00:00,790 --> 00:00:09,540
In the last video we talked about Microsoft file system fundamentals Linux operating systems also have

2
00:00:09,750 --> 00:00:18,510
their own version of file systems x4 is the successor Linux file system 2 x 3 and it's earlier predecessors

3
00:00:19,140 --> 00:00:23,880
due to its larger capacity and performance capabilities.

4
00:00:25,630 --> 00:00:33,260
The x4 file system maintains a special file called a journal a file system Journal is used to record

5
00:00:33,260 --> 00:00:41,360
data so that even in the event of power failures or system crashes the file system can be restored to

6
00:00:41,360 --> 00:00:43,670
the previous state.

7
00:00:43,670 --> 00:00:51,440
Journaling also provides data integrity to ensure that data has not been tampered with when X for file

8
00:00:51,440 --> 00:00:52,970
systems are partitioned.

9
00:00:53,000 --> 00:00:57,410
The information is held within the master boot records.

10
00:00:57,770 --> 00:01:05,960
The ambi are also referred to as a bootloader contains executable code to function as a loader for the

11
00:01:05,960 --> 00:01:17,670
installed operating system and makes file systems have two main partitions data and swap swap space

12
00:01:17,670 --> 00:01:21,080
that is held within the swap partition.

13
00:01:21,080 --> 00:01:26,370
Hold additional RAM that can be used by the system if needed.

14
00:01:26,370 --> 00:01:33,000
The purpose of swap space is to help the Linux system operate but it can also be used as a forensic

15
00:01:33,000 --> 00:01:38,440
tool because anything stored in RAM could also be stored in swap.

16
00:01:38,500 --> 00:01:48,010
So this means that valuable system data such as emails credentials and plain text data can be analyzed

17
00:01:48,010 --> 00:01:53,270
in swap as part of a forensics investigation.

18
00:01:53,620 --> 00:02:01,360
If you want to view a summary of swap space usage by device you can use the command swap on summary.