Recovering a random file from a FAT32 USB flash drive using disk editor


I need someone to do the following three steps using a flash drive and capture the whole process with details.

- Step 1

As the first step, open the USB flash drive in the disk editor and locate the boot sector. Read the

following information about the flash drive from the BPB and extended-BPB of the boot sector.

You will have to refer to online references for the format of the boot sector, for example:

[url removed, login to view]

(a) What is the sector size – i.e. bytes per sector? (512)

(b) What is the cluster size – i.e. sectors per cluster? (32)

(c) How many hidden sectors are there? Hidden sectors are the first few sectors of the disk.


(d) How many reserved sectors are there? Reserved sectors follow the hidden sectors and

include the boot sector. Boot sector is regarded as sector 0. (18)

(e) How many copies of the boot sector does it have?

(f) What is the total number of sectors? (15,633,376)

(g) How many copies of the FAT are there? (2)

(h) What is the FAT size – sectors per FAT? (3815)

(i) What is the cluster number of the root directory? This is the same as the first cluster of

the data area. (2)

(j) What is the first sector of the root directory i.e. the first sector of the data area? (114752)

- Step 2

Now try to locate your sample file in the root directory. Obtain its starting cluster number and

access the starting cluster in the FAT. What is the value for this cluster in the FAT? Obtain the

chain of clusters that store file’s data from the FAT. Note that if your file is small it may fit in

just one cluster with FAT entry for the cluster indicating this is the last and the only cluster of the

file. Access the starting and other clusters of the file and verify that the clusters have file’s data.

- Step 3

Delete your sample file and see the effect on the file’s entry in the root directory. Is the first

cluster of the file indicated in the root directory? What about the FAT entry for the starting

cluster – what is it value? Can you obtain the file’s chain of clusters? What about the data in the

file’s clusters – do they still have the data? If you are able to find the file’s data, try to retrieve it.

IMPORTANT! [Please open a notepad and write (Abdullah Alkahtani - OS) in every screen capture]

Skills: Windows Desktop

