Security Diaries All About Security
Related Articles
Even though FAT is one of the widely used file system it lacks many features. When Windows is about to launch Windows NT, which is sever based operating system they want to launch a new file system that can have capabilities that FAT doesn’t have.
NTFS stands for New Technology File System. Since the launch of Windows NT all windows products are shifted to NTFS file system slowly. It is there for more than 25 years for now.
NTFS introduced many new capabilities that doesn’t have. Unlike FAT fixed length NTFS has variable table size that increases with the usage. NTFS has a Master File Table(MFT) which is core to its file system.
MFT – Master File Table
Master file table stores all the information about the files. Instead of storing pointers in FAT, NTFS knows exactly where the files are and their names too. There are two copies of MFT stored.
Every file in name in MFT starts with $ and bitmap is a file in NTFS which stores data regarding used and unused cluster in the volume. If new file takes up any space, then that space is marked in bitmap and that maps the clusters to find the file.
MFT stores meta data of the file which has information like
- Filename
- Data location
- File times
- Access permissions
NTFS supports data streams. The feature that can break complete hard drive. It can launch DoS attack on your hard drive. Alternate Data Streams is something that gave lots of people an opportunity to start companies and create softwares on it.
Using alternate data streams, we can change meta data of the file and we can store a file in meta data. For example, we can create a text file of 1KB and we can store a 50GB file in its metadata using alternate data stream. File size shows it as 1KB, but it uses 50GB of your space and you can’t find out which file is consuming all your space.
You cannot open ADS files directory. This is the syntax to open those files.
Filename:stream
Only on command line we can open that files. And another thing is not all apps supports ADS. Don’t worry if you are confused we will make a separate tutorial on it.
ADS are introduced to hide files from other people. We cannot delete ADS files unless we have third party softwares that can delete them. If you have too many files, it’s a big thing to manage.
First data streams are introduced to store Mac files as windows NT is server-based OS. Using data streams, we can store any type of file as Mac file system is different data streams are introduced.
There are other capabilities that are introduced by NTFS
Special Features of NTFS
Access Control lists: List of users that can have access to files. We can also limit specific users to specific files.
Quotas: assigning specific amount of space to specific people.
Encryption: encrypting all your files for security.
NTFS vs FAT
Must Read: What is Supply Chain Attack.
