I am a bit confused from various sources about the abstraction level and layers that a file resides in forensic imaging. I have found two slightly different explanations:
The first one includes
- a) Physical Layer (sectors,cylinders etc.)
b) Data Layer (Unallocated space etc.)
c) Metadata Layer (i-nodes, alternative data streams etc.)
e) File System Layer (superblock, boot sector etc.)
f) File Name Layer
The second one includes:
- a) Physical Media Layer (sectors,cylinders etc.)
- b) Media File Layer (partitions etc.)
- c) System Layer (boot sector etc.)
- d) Application Layer (ascii etc.)
I notice there are some similarities but I try to figure out if the 1st one is an extension of the second or else. Can anyone clear this out?