Introduction

This test has four images. One is a disk image that contains two partitions and the partitions are also included as individual files. The fourth image is an additional partition image. The purpose of this test case is to test the file system detection routines of your analysis tools. A typical partition contains only one file system, but the layout of some file systems allows multiple file systems to exist in a single partition. Each of the partitions in this disk image contain two file systems. The first partition is formatted for NTFS and Ext2, the second is formatted for NTFS and UFS2, and the third is formatted for NTFS and UFS1. Both file systems are valid and can be mounted in their respective operating system. The test is whether your tool will warn you that there are two valid file systems or if it will show you only one and hide the other.

Download

This test case has one 'raw' disk image and two 'raw' partition images. In total, the images are 275 MB, but they compress to under 1 MB. The MD5 of the disk image (which contains partitions 1 and 2) is 9225ff95b92311a28b2224e9dc324231, partition 1 is 6bd741152ccedd50e12623af5eeba803 and partition 2 is 0b768efb1011b047c9831c1e00d1706c. The MD5 of partition 3 is 5984253cad72d4950c15a9e679139daf. This images are released under the GPL, so anyone can use it.

• zip

Environment

This section describes the images in more detail. This form can be used to test your tool with these images.

• The 10-ntfs-disk.dd image has a DOS partition table with two partitions (10-ntfs-part1.dd and 10-ntfs-part2.dd). Each partition has a type of 0x07, which the NTFS type. The contents of each partition are described next.
• The 10-ntfs-part1.dd image is from the first partition in 10-ntfs-disk.dd. It was originally formatted as NTFS from within Windows XP and the ntfs.txt file was created. The partition was then formatted as Ext2 and the ext2.txt file was created. The NTFS file system was then checked for errors from within Windows and none were found.
• The 10-ntfs-part2.dd image is from the second partition in 10-ntfs-disk.dd. It was originally formatted as NTFS from within Windows XP and the ntfs.txt file was created. The partition was then formatted as UFS2 and the ufs1.txt file was created. The NTFS file system was then checked for errors from within Windows and none were found. This image was supposed to be UFS1, but I incorrectly formatted it as FreeBSD UFS2.
• The 10-ntfs-part3.dd image is not in the 10-ntfs-disk.dd image and was created because 10-ntfs-part2.dd was incorrectly formatted as UFS2 instead of UFS1. The partition wasformatted as NTFS from within Windows XP and the ntfs.txt file was created. The partition was then formatted as UFS1 and the ufs1.txt file was created. The NTFS file system was then checked for errors from within Windows and none were found.

Author

Disclaimers

These tests are not a complete test suite. These were some of the first ones that I thought of and little formal theory was put into their design.

Passing these tests provides no guarantees about a tool. Always use additional test cases (and email them to me so we can all benefit!).

Copyright © 2005 by Brian Carrier Email: carrier at users dot sf dot net

Last Updated: January 21, 2005