Examining NTFS File System

Abstract

Learning Objectives The objectives of this chapter are to: • Understand fundamental concepts of the NTFS file system • Understand the NTFS file system structure • Perform in-depth analysis of a NTFS file system and discover the locations of its important data structures Preceding chapters in this part have been aimed at helping you understand fundamentals of FAT File Systems. This chapter is focusing on NTFS (NT file system; sometimes New Technology File System). NTFS, like FAT file system, is another proprietary file system developed by Microsoft. 7.1 New Technology File System New Technology File System (NTFS) was first introduced in the Windows NT operating system to overcome some of the limitations of FAT including disk size, disk space utilization and the length of file names. Later, it became the preferred file system for all subsequent versions of Microsoft Windows Operating System product line (e.g. Windows XP Professional, Windows Vista, Windows 7). It replaced FAT file system (although, still favourable for small storage devices), and offered many improvements. A major advantage is its reliability. For instances, NTFS keeps detail transaction logs that track file system metadata changes to the volume using the NTFS Log ($LogFile as shown in Table 7.1). Scalability and security features like file and folder permission, encryption, sparse file, alternate data stream, and compression makes NTFS more complicated than its predecessor, such as FAT file