1. Interested in learning
more about security?
SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Reverse Engineering the Microsoft exFAT File
System
The Extended FAT File System (exFAT) is a new and not yet widely used file system. It has been out for a few
years and it will gain acceptance and momentum with the release of storage devices that will support the new
SDXC standard. Forensics investigators and the maker of forensics tools need to be ready and prepared for an
influx of acquired evidence that requires analysis of this new file structure.
Copyright SANS Institute
Author Retains Full Rights
AD