TSK data structure to store general file and directory metadata.
More...
#include <tsk_fs.h>
Public Attributes
Address of the meta data structure for this file.
last file content accessed time (stored in number of seconds since Jan 1, 1970 UTC)
nano-second resolution in addition to a_time
Contains run data on the file content (specific locations where content is stored).
More...
size of content buffer
Pointer to file system specific data that is used to store references to file content.
File system-specific and describes type of data in content_ptr in case file systems have multiple ways of storing things.
Created time (stored in number of seconds since Jan 1, 1970 UTC)
nano-second resolution in addition to cr_time
last file / metadata status change time (stored in number of seconds since Jan 1, 1970 UTC)
nano-second resolution in addition to c_time
Flags for this file for its allocation status etc.
group id
Name of target file if this is a symbolic link.
Unix-style permissions.
last file content modification time (stored in number of seconds since Jan 1, 1970 UTC)
nano-second resolution in addition to m_time
Name of file stored in metadata (FATXX and NTFS Only)
link count (number of file names pointing to this)
void(* reset_content )(void *)
Sequence number for file (NTFS only, is incremented when entry is reallocated)
file size (in bytes)
address within file system where inode structure begins
int tag
union {
struct {
Linux deletion time.
nano-second resolution in addition to d_time
} ext2
struct {
HFS+ backup time.
nano-second resolution in addition to bkup_time
} hfs
struct {
NTFS access time stored in FILE_NAME.
NTFS access time stored in FILE_NAME in nano-second resolution.
NTFS Created time stored in FILE_NAME.
NTFS Created time stored in FILE_NAME in nano-second resolution.
NTFS change (MFT Entry) time stored in FILE_NAME.
NTFS change (MFT Entry) time stored in FILE_NAME in nano-second resolution.
Attribute ID used to populate FN times.
NTFS mod (content) stored in FILE_NAME.
NTFS mod time stored in FILE_NAME in nano-second resolution.
} ntfs
} time2
File type.
owner id
Detailed Description
TSK data structure to store general file and directory metadata.
Note that the file in the file system may have more metadata than is stored here. For performance reasons, the run list of the file content is not always known when the file is loaded. It may be loaded only when needed by the internal code. The TSK_FS_META::content_ptr pointer contains file system-specific data that will be used to determine the full run. After it has been loaded, the TSK_FS_META::attr field will contain that info.
Member Data Documentation
The documentation for this struct was generated from the following file: