Thursday, 15 March 2012

NTFS File Structure

The NTFS file system is used in all critical Microsoft Windows systems. It is an advanced file system
that differs from the UNIX file systems the original TCT (The Coroner's Toolkit) was designed for. This
document gives a quick overview of NTFS and how it was implemented. The biggest difference is the
use of Alternate Data Streams (ADS) when specifying a meta data structure.

FILES

Files in NTFS typically have the following attributes:

- $STANDARD_INFORMATION (#16): Contains MAC times, security ID, owner's ID,
permissions in DOS format, and quota data.

- $FILE_NAME (#48): Contains the file name in UNICODE, as well as additional MAC times,
and the MFT entry of the parent directory.

- $OBJECT_ID (#64): Identifiers regarding the file's original Object ID, its birth Volume ID, and
Domain ID.

- $DATA (#128): The raw content data of the file.

When a file is deleted, the IN_USE flag is cleared from the MFT entry, but the attribute contents still
exist.

DIRECTORIES

Directories in NTFS are indexed to make finding a specific entry in them faster. By default, they are
stored in a B-Tree sorted in alphabetical order. There are two attributes that describe the B-Tree
contents. Directories in NTFS typically have the following attributes:

- $STANDARD_INFORMATION

- $FILE_NAME

- $OBJECT_ID

- $INDEX_ROOT: The root of the B-Tree. The $INDEX_ROOT value is one or more "Index Entry" structures that each describe a file or directory. The "Index Entry" structure contains a copy of the "$FILE_NAME" attribute for the file or sub-directory.

- $INDEX_ALLOCATION: The sub-nodes of the B-Tree. For small directories, this
attribute will not exist and all information will be saved in the $INDEX_ROOT structure. The content of this attribute is one or more "Index Buffers". Each "Index Buffer" contains one or more "Index Entry" structures, which are the same ones found in the $INDEX_ROOT.

- $BITMAP: This describes which structures in the B-Tree are being used.

When files are deleted from a directory, the tree node is removed and the tree is resorted. Therefore, the
"Index Entry" for the deleted file may be written over when the tree is resorted. This is different from what is usually seen with UNIX and FAT file systems, which always have the original name and structure until a new file is created. Also, when the tree is resorted, a file that is on the bottom of the tree can be moved up and a deleted file name will exist for the original location (even though it was never deleted by a user).
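The two points above that matter most to an examiner are that a deleted entry keeps its attributes (only the in-use flag is cleared) and that a file may carry several $DATA attributes, the named ones being Alternate Data Streams. The following added example (not part of the original post or of TCT/The Sleuth Kit) builds a constructed 1 KiB MFT entry from resident attribute headers and walks it back, using the attribute type codes listed above plus the index-attribute codes 144, 160 and 176; update-sequence fixups and non-resident data runs are deliberately left out, and the attribute bodies are placeholder bytes.

```python
import struct

# NTFS attribute type codes, decimal as the page numbers them (index attributes added).
ATTR_TYPES = {16: "$STANDARD_INFORMATION", 48: "$FILE_NAME", 64: "$OBJECT_ID", 128: "$DATA",
              144: "$INDEX_ROOT", 160: "$INDEX_ALLOCATION", 176: "$BITMAP"}
END_MARKER = 0xFFFFFFFF

def resident_attr(atype, content, name=""):
    """Build one resident attribute record (constructed data, not from a real volume)."""
    nm = name.encode("utf-16-le")
    coff = (24 + len(nm) + 7) & ~7                      # content is 8-byte aligned after the name
    total = (coff + len(content) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHBB", atype, total, 0, len(name), 24, 0, 0, len(content), coff, 0, 0)
    return (hdr + nm).ljust(coff, b"\0") + content.ljust(total - coff, b"\0")

def mft_entry(attrs, flags):
    """Minimal MFT entry: 'FILE' header, attributes from offset 56, end marker (no fixups)."""
    body = b"".join(attrs) + struct.pack("<I", END_MARKER)
    hdr = b"FILE" + struct.pack("<HHQHHHHII", 48, 3, 0, 1, 1, 56, flags, 56 + len(body), 1024)
    return (hdr.ljust(56, b"\0") + body).ljust(1024, b"\0")

def parse_mft_entry(rec):
    """Return the entry's in-use/directory flags and its attributes as (type, ADS name, content)."""
    if rec[:4] != b"FILE":
        raise ValueError("not an MFT entry")
    attr_off, flags = struct.unpack_from("<HH", rec, 20)  # flags: bit0 = in use, bit1 = directory
    info = {"in_use": bool(flags & 1), "is_directory": bool(flags & 2), "attrs": []}
    off = attr_off
    while off + 4 <= len(rec) and struct.unpack_from("<I", rec, off)[0] != END_MARKER:
        atype, length, nonres, name_len, name_off = struct.unpack_from("<IIBBH", rec, off)
        if length < 24 or off + length > len(rec):
            raise ValueError("corrupt attribute header")   # never trust an on-disk length blindly
        name = rec[off + name_off: off + name_off + 2 * name_len].decode("utf-16-le")
        content = None                                      # non-resident: content lives in data runs
        if not nonres:
            clen, coff = struct.unpack_from("<IH", rec, off + 16)
            content = rec[off + coff: off + coff + clen]
        info["attrs"].append((ATTR_TYPES.get(atype, f"unknown({atype})"), name, content))
        off += length
    return info

# Constructed deleted file (in-use bit clear) whose attributes survive, including a named $DATA (ADS).
DELETED_FILE = mft_entry([resident_attr(16, bytes(48)),
                          resident_attr(48, bytes(66) + "report.txt".encode("utf-16-le")),
                          resident_attr(128, b"visible content"),
                          resident_attr(128, b"ads content", name="stream1")], flags=0)

if __name__ == "__main__":
    for atype, name, content in parse_mft_entry(DELETED_FILE)["attrs"]:
        print(f"{atype}{':' + name if name else ''} -> {content!r}")
```

Running it lists the four attributes of the entry while reporting it as not in use, which is exactly the state a carver relies on to recover a deleted file's name and streams.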
