Windows File System. File allocation table (FAT) NTFS - New Technology File System. used in Windows 95, and MS-DOS

Similar documents
Advanced Operating Systems

Operating Systems. Lecture File system implementation. Master of Computer Science PUF - Hồ Chí Minh 2016/2017

NTFS Recoverability. CS 537 Lecture 17 NTFS internals. NTFS On-Disk Structure

makes floppy bootable o next comes root directory file information ATTRIB command used to modify name

COMP091 Operating Systems 1. File Systems

CSN08101 Digital Forensics. Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak

Example Implementations of File Systems

15: Filesystem Examples: Ext3, NTFS, The Future. Mark Handley. Linux Ext3 Filesystem

Chapter Two File Systems. CIS 4000 Intro. to Forensic Computing David McDonald, Ph.D.

Table 12.2 Information Elements of a File Directory

On-disk filesystem structures

Vorlesung Computerforensik. Kapitel 7: NTFS-Analyse

Main Points. File layout Directory layout

File Systems. Martin Děcký. DEPARTMENT OF DISTRIBUTED AND DEPENDABLE SYSTEMS

File System Concepts File Allocation Table (FAT) New Technology File System (NTFS) Extended File System (EXT) Master File Table (MFT)

Roadmap for This Lecture

File Management. Chapter 12

Guide to Computer Forensics and Investigations Fourth Edition. Chapter 6 Working with Windows and DOS Systems

File Systems. What do we need to know?

Filesystem. Disclaimer: some slides are adopted from book authors slides with permission

Introduction to OS. File Management. MOS Ch. 4. Mahmoud El-Gayyar. Mahmoud El-Gayyar / Introduction to OS 1

ECE 598 Advanced Operating Systems Lecture 14

Segmentation with Paging. Review. Segmentation with Page (MULTICS) Segmentation with Page (MULTICS) Segmentation with Page (MULTICS)

Chapter 12: File System Implementation

ECE 598 Advanced Operating Systems Lecture 18

File System Interpretation

CS3600 SYSTEMS AND NETWORKS

File System Implementation. Sunu Wibirama

NSTL White Paper. System Performance and File Fragmentation. In Windows NT

Hard facts. Hard disk drives

CHAPTER 11: IMPLEMENTING FILE SYSTEMS (COMPACT) By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

Machine Language and System Programming

Motivation. Operating Systems. File Systems. Outline. Files: The User s Point of View. File System Concepts. Solution? Files!

Chapter 8: Filesystem Implementation

File Systems. File system interface (logical view) File system implementation (physical view)

Files. File Structure. File Systems. Structure Terms. File Management System. Chapter 12 File Management 12/6/2018

NTFS File System and Data Security. Yanhui Tu. KingSoft

Lecture S3: File system data layout, naming

Windows 7 Overview. Windows 7. Objectives. The History of Windows. CS140M Fall Lake 1

Journaling. CS 161: Lecture 14 4/4/17

File systems Computer Forensics

File Systems. Chapter 11, 13 OSPP

C13: Files and Directories: System s Perspective

File Directories Associated with any file management system and collection of files is a file directories The directory contains information about

Che-Wei Chang Department of Computer Science and Information Engineering, Chang Gung University

File Systems 1. File Systems

File Systems 1. File Systems

Long-term Information Storage Must store large amounts of data Information stored must survive the termination of the process using it Multiple proces

File System Internals. Jo, Heeseung

File System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

FILE SYSTEM IMPLEMENTATION. Sunu Wibirama

File system internals Tanenbaum, Chapter 4. COMP3231 Operating Systems

Computer Systems Laboratory Sungkyunkwan University

CS370 Operating Systems

Windows History 2009 Windows 7 2

File system internals Tanenbaum, Chapter 4. COMP3231 Operating Systems

Typical File Extensions File Structure

FILE SYSTEMS. CS124 Operating Systems Winter , Lecture 23

Files & I/O. Today. Comp 104: Operating Systems Concepts. Operating System An Abstract View. Files and Filestore Allocation

Operating Systems. Operating Systems Professor Sina Meraji U of T

Unit OS8: File System

File System Internals. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

File Shredders. and, just what is a file?

Filesystem. Disclaimer: some slides are adopted from book authors slides with permission 1

CS 4284 Systems Capstone

Interited features. BitLocker encryption ACL USN journal Change notifications Oplocks

Thanks for the feedback! Chapter 8: Filesystem Implementation. File system operations. Acyclic-Graph Directories. General Graph Directory

A file system is a clearly-defined method that the computer's operating system uses to store, catalog, and retrieve files.

File Systems. CS170 Fall 2018

Chapter 4. File Systems. Part 1

File Systems Management and Examples

File system implementation

File system implementation

Filesystems Overview

Implementation should be efficient. Provide an abstraction to the user. Abstraction should be useful. Ownership and permissions.

File Systems Ch 4. 1 CS 422 T W Bennet Mississippi College

Outline. Operating Systems. File Systems. File System Concepts. Example: Unix open() Files: The User s Point of View

File System Implementation. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

we are here I/O & Storage Layers Recall: C Low level I/O Recall: C Low Level Operations CS162 Operating Systems and Systems Programming Lecture 18

CS333 Intro to Operating Systems. Jonathan Walpole

Introduction. Secondary Storage. File concept. File attributes

Microsoft File Allocation Table

File Management 1/34

From last time. What is the maximum size of a file in bytes? What is the maximum total size of directories and files in a single disk partition?

Chapter 11: Implementing File Systems

we are here Page 1 Recall: How do we Hide I/O Latency? I/O & Storage Layers Recall: C Low level I/O

Operating systems. Lecture 7 File Systems. Narcis ILISEI, oct 2014

File systems. Mag. iur. Dr. techn. Michael Sonntag

What does a file system do?

OPERATING SYSTEMS CS136

Lecture 24: Filesystems: FAT, FFS, NTFS

COMPARATIVE STUDY OF TWO MODERN FILE SYSTEMS: NTFS AND HFS+

Chapter 12: File System Implementation

Frequently asked questions from the previous class survey

Local File Stores. Job of a File Store. Physical Disk Layout CIS657

File Systems: Fundamentals

File Systems. CS 4410 Operating Systems. [R. Agarwal, L. Alvisi, A. Bracy, M. George, E. Sirer, R. Van Renesse]

File System Implementation

Figure 1-1 Example of File System Layout

CS 537 Fall 2017 Review Session

Transcription:

Windows File System

Windows File System File allocation table (FAT) used in Windows 95, and MS-DOS NTFS - New Technology File System 2

Key features of NTFS NTFS uses clusters(rather than sectors) as units of disk allocation. Sector: Smallest physical storage unit on disk Data size in bytes is a power of 2 (typically 512 bytes) Cluster: One or more contiguous sectors Size in sectors is a power of 2 example, 1KB for volumes up to 1 GB 2KB for volumes up to 2GB 4KB for larger volumes 3

Key features of NTFS Uses logical cluster numbers as disk addresses A file is a structured object that has attributes such as name, creation time, security (ACL), data attributes 4

Key features of NTFS Security Each file references a security descriptor Contains an access token for the owner Contains an ACL (access control list) General indexing facility Can index file using different attributes e.g., size, date last created, name Recoverability 5

Recoverability In the event of a crash, NTFS can reconstruct disk volumes to a consistent state. File system information can be retrieved, not necessarily the data in the files. Uses transaction processing: A change is an atomic operation and the change is logged, when (successfully) completed 6

Recoverability Log each transaction that modifies the volume Enter transaction in log file (cache) Perform action on volume (cache) Write log file to disk Write volume to disk In the event of a crash in the midst of a transaction, the log file can be used to redo or undo the transaction. 7

Important concepts in NTFS Uses 64-bit disk addresses Can theoretically support disk partitions of size 2^64 bytes Individual file names limited to 255 chars Files names 2^8 characters (Unicode) Full path names limited to 32,767 chars Path names 2^15 characters 8

Important concepts in NTFS File consist of multiple attributes Each attribute represented by stream of bytes name of the file, 64-bit object ID, long unnamed stream of data (max length 2^64 bytes) Some files have 2 named streams instead 1 unnamed stream e.g., foo:stream1 (borrowed from MAC) Possible uses Photo and thumbnail, permanent word doc and temp doc during word procession Uses file pointers to keep track of where a process is in a file 9

NTFS file management API NTFS (Windows 2000, XP, Vista) provides an API with functions for doing file I/O Second column gives nearest UNIX equivalent 10

NTFS directory management API These are the major API calls for directories in NTFS Like UNIX, the directory structure is hierarchical The separator between component names is \ (inherited from MS-DOS) instead of / 11

NTFS volume layout Each NTFS volume (e.g., disk partition) contains files, directories, bitmaps, and other data structures organized as linear sequence of fixed sized (512B to 64 KB) blocks (Microsoft calls them clusters) Most NTFS disk volumes use 4 KB clusters Advantage: compromise between low internal fragmentation and efficient transfer 12

NTFS volume layout Clusters are referred to by their offset from the start of the volume (using 64-bit numbers) Main data structure in each volume is the Master File Table or MFT contains a linear sequence of fixed-size 1 KB records 13

NTFS volume layout 14

NTFS volume layout The disk volume is partitioned into two zones Data-zone MFT-zone Occupies about 22% of the clusters Allows for the MFT to be stored in contiguous locations Hence, allows for faster access If the data-zone runs out of space, then the space in the MFTzone may be used. MFT may become fragmented. The standard defragmentation tool cannot de-fragment MFT. Tools to defragment the MFT Diskeeper, PerfectDisk, O&O Defrag 15

Master File Table (MFT) Recall: Main data structure in each volume is the Master File Table or MFT contains a linear sequence of fixed-size 1 KB records Each MFT record describes one file or directory A record contains the files attributes (name, timestamp, list of disk addresses where blocks are located) If file is extremely large, multiple MFT records are used to hold the list of all blocks of file MFT contains records for metadata files File names begin with a $ sign An entry for MFT itself 16

MFT records 17

NTFS metadata files NameMFT Record Description $MFT 0 Master File Table NTFS's command central $MFTMIRR 1 Copy of the first 16 records of the MFT $LOGFILE 2 Transactional logging file $VOLUME 3 Contains volume serial number, creation time, and dirty flag $ATTRDEF 4 Attribute definitions. 5 Root directory of the disk $BITMAP 6 Contains drive's cluster map (in-use vs. free) $BOOT 7 Boot record of the drive $BADCLUS 8 Lists bad clusters on the drive $QUOTA 9 Contains user quota information unused before NT 5.0 NTFS $UPCASE 10 Maps lowercase characters to their uppercase version Article from WindowsITPro by Mark Russinovich- Reference # 4 18

NTFS metadata files System files MFTMIRR A mirror of the first 16 records (including the 11 metafiles) of the MFT, placed in the middle of the disk partition. Log file A list of the transactions used for recovery Cluster bit map Attribute definition table Defines types of attributes supported Indicates whether they can be indexed Indicates whether they can be recovered 19

MFT record details Each record describes a file or a folder Contains the set of attributes that define the file May contain the data of the file if the data is small enough Contains pointers to clusters that hold the rest of the data for the file 20

Attributes in a MFT record 21

An MFT record for a 3-run file 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback