Disk Storage (Wiki)

The content of the Security Analogies wiki is now available here, under the GNU Free Documentation License 1.2.

Thanks to Evilc for the content of this page.

This is an analogy that I use to explain disk storage, I find that it can be adapted to explain a lot of disk based concepts.

A Row of Shelves

Imagine disk storage as a row of shelves. On the shelves are numbered boxes. The boxes are full of documents (stacks of papers). Each box is analagous to a "cluster", each stack of papers in a box is analagous to part or all of a "file".

If a document is too big to fit in one box, it can be split amongst multiple boxes, but there will never be bits of more than one document in any given box. Bits of a documents that span more than one box are not necesarrily in consecutive boxes, or even in the right order.

Different file systems (ie FAT, NTFS) have different methods of keeping track of what is in what box. Some have a book which lists what is in box, and some have a book which lists which box the first part of each document is in, and the last page in each box tells you what box to look in next (a "linked list").

Some systems have a book as above, but if the document is really small (ie just a line or so) then it just goes in the book.

Some systems might just write it on the front of the box.

Generally speaking though, it isn't important to this analogy. In the future we will just assume what is in the box is written on the front (say a dry wipe marker).

OK, so what about deleting files?

Well, if you "delete" a file, the box is not emptied. Instead, a big red X is put on the front of the box to mark it as "empty". If space is needed to store a document in the future, you may use a box that has an X on it—at that point and that point only do you chuck away the sheets of paper comprising (maybe only part of) the old (deleted) document and put the sheets of paper for the new document inside the box instead. This is how files can be undeleted—unless the box has been re-used, you have a chance. Even if a box has been re-used, then if some boxes that contained part of the document havent been reused then you could geta those sheets back, but not the whole document—in this case, a filing system that uses the "linked list" system detailed above may have trouble if you lose the contents (delete aand re-use) box in the middle of the chain—you don't know where to carry on.

Slack space

Lets expand the analogy a little. The boxes aren't actually just boxes. Inside each box is a number of drawers (imagine an stack like in/out trays). Filing systems can use different sized boxes with different size / number of drawers. This is analgous to "cluster size".

The rows of drawers in each box has a pointer mounted on a slider down the side, so that you can indicate which tray is the last one used. If the pointer is pointing to the second tray from the top, all the drawers after that are considered "empty" (ie like having a red X on a box to indicate it is empty)

When you store part of a doocument in a box, you fill the top drawer first, then the second, etc, etc. Drawers are not like boxes, they are always filled in order.

A filing system can get inefficient if you store lots of small one sheet documents and the drawers are big—the wasted drawers in each box are called "Slack space".

As mentioned above, when you delete a file, and boxes are marked with a red X, you do not empty the drawers in that box. When you come to re-use the box, you start from the top drawer, emptying out and throwing away the bits of the "deleted" document from each drawer and moving the pointer down to the next drawer as required. When you have finished filling the drawers for the new document, you do not carry on emptying out the drawers below it of the old document—the pointer on the side of the drawers in each box lets you know what is current document and what is old deleted data. In this way, documents and data can be recovered from "slack space".

WebSanity Top Secret