Unix recovery

CnW Data recovery software to recover Unix partitions

Unlike FAT32 and NTFS, Unix comes in many different flavours. The most popular one is probably Linux, followed by implementations on Sun.

The basic structure of Unix-based file systems is very similar, and actually very simple, but there are differences between versions that have arisen as disks have got larger, and for optimization. The variations that CnW Recovery handles are currently limited, but this list will grow. Deleted file support for XFS is in V3.07. It should be noted that a single Linux system can have several disks, all with different file systems, and often multiple file systems on a single disk (in different partitions).

Basic Unix Structure
The file systems have three basic elements: a Superblock, a series of iNodes, and data blocks. These are stored in that sequence, though some systems do duplicate the Superblock on a regular basis to allow for disk failure and subsequent recovery.

The Superblock identifies and gives parameters for the complete file system. It includes details of the number of blocks and the size of a block. It also has the number of inodes and, very importantly, a signature called the magic number. This magic number is sometimes stored at location 0x1f8 of the superblock, and can be used to search for a superblock when other pointers have become corrupted. Examples of values for the magic number include
HTFS 0xA060492A
SCO 0xFD187E20

Other values include
UFS1 0x11954 at offset 0x55c
UEXT1 0xEF53 at offset 0x58 (used on Ext2/3/4)
XFS first block starts with the letters XFSB, the following sectors are XAGF, XAGI
ReIsEr2Fs for Reiser FS

An inode contains details of a file. These are pointers to where it is stored on the disk, file attributes, size and dates. Interestingly, unlike a Windows MFT, it does not store the file name, though the inode can be used to store file data for short files. iNodes are stored sequentially, starting at logical block 2, and inode 2 always points to a file which is the root directory. The directory is a file which has file names, and an inode number that relates to either a file or another directory entry. The attributes indicate whether it is a file or a directory. Very short files can be stored within the iNode. The iNode structure on ext4 is often different to that of ext2/3, and the iNode on ext4 is 0x100 bytes long. Other systems can have iNodes of 0x80 or 0x200 bytes.

Data area
The data area is all the remaining disk after the inodes. It is made up of logical blocks (the same as clusters on a Windows system) and blocks are always a multiple of 512, e.g. 1024, 2048, 4096 bytes etc.

Each Unix system works slightly differently with groups or fragments. Largely it is a way to break up a disk into smaller areas so that inodes etc. tend to be local to the data. XFS disks, for instance, use local addresses as well as global addresses.

Reiser FS disk structure
The Reiser FS disk structure is unusual. The big difference is that it fills blocks to a much higher level than normal systems. A single 4K logical block could contain both directory information and file content for several short files. In comparison, a FAT disk always has a cluster for each file, and potentially 31K of free space. NTFS will include short files in a 1K directory block, but Reiser takes this a few stages further by mixing several types of data within a single block. The other difference is that there is no specific file allocation table, and each logical block is pointed to by a series of direct or indirect pointers, all referenced by a 16-byte key string. Performance is often considered fairly good.

XFS is a variation of Ext2 and Ext3 file systems. It works by treating areas of the disk as a separate disk, with its own allocation table and directory (iNodes). Although the rest of the disk is available, when possible all transactions are done in a single area. This makes disk sharing simpler, and also results in a high performance system. V3.07 will recover deleted files, a very unusual feature of data recovery programs.
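The XFS signature sequence listed above (XFSB, then XAGF and XAGI in the following sectors) and the per-area layout described here can be combined into a signature scan. The sketch below is an added example, not CnW Recovery's code: it assumes 512-byte sectors and a raw image held in memory, and the sample image, function names and decoy string are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors; the headers sit in consecutive sectors

def find_xfs_headers(image: bytes):
    """Return (offset, confirmed, block_size, block_count) for every
    sector-aligned "XFSB" hit in a raw image."""
    hits = []
    for off in range(0, len(image) - 3 * SECTOR + 1, SECTOR):
        if image[off:off + 4] != b"XFSB":
            continue
        # XFS stores superblock fields big-endian: block size, then block count.
        block_size, block_count = struct.unpack_from(">IQ", image, off + 4)
        # Block sizes are powers of two and a multiple of 512.
        sane = block_size >= 512 and block_size & (block_size - 1) == 0
        # A genuine header is followed by the XAGF and XAGI sectors.
        neighbours = (image[off + SECTOR:off + SECTOR + 4] == b"XAGF"
                      and image[off + 2 * SECTOR:off + 2 * SECTOR + 4] == b"XAGI")
        hits.append((off, sane and neighbours, block_size, block_count))
    return hits

def make_sample() -> bytes:
    """Constructed 64 KiB image: two allocation areas plus one decoy string."""
    img = bytearray(64 * 1024)
    header = b"XFSB" + struct.pack(">IQ", 4096, 16)   # 16 blocks of 4096 bytes
    for start in (0, 32 * 1024):                      # each area has its own header
        img[start:start + len(header)] = header
        img[start + SECTOR:start + SECTOR + 4] = b"XAGF"
        img[start + 2 * SECTOR:start + 2 * SECTOR + 4] = b"XAGI"
    # Decoy: the letters XFSB inside ordinary file data, sector-aligned by chance.
    img[10 * SECTOR:10 * SECTOR + 8] = b"XFSB is "
    return bytes(img)

if __name__ == "__main__":
    for off, ok, size, count in find_xfs_headers(make_sample()):
        status = "header" if ok else "false positive"
        print(f"0x{off:06x}  {status:14}  block_size={size}  blocks={count}")
```

Requiring the neighbouring XAGF/XAGI sectors and a plausible block size is what separates a real header from file content that merely contains the four letters.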

Multiple file systems
A Unix disk may contain areas with different file systems - such as partitions on a Windows disk. Currently, it may be necessary to scan the disk with the partition function to find all existing file systems. If a disk looks very empty, then this approach may assist.

Unix Data recovery
One approach is to scan the whole disk for iNodes. These are the basis of all files and if valid, can produce a very accurate recovery.