NTFS is a file system introduced by Microsoft in 1993 for Windows NT operating systems. It improved on previous file systems with features like larger storage capacity support, redundancy, security, and performance improvements important for businesses. NTFS formats volumes with system files including the Master File Table that stores metadata for all files and folders. It provides security, compression, encryption and other advanced features through file attributes. NTFS also supports features like sparse files, recoverability, and alternate data streams.
1. NTFS FILE SYSTEM ASSIGNMENT #2
Ravi Yasas Jayasundara
ICT 2010 / 2011 / 013
2. P a g e 1 | 9
Introduction
In a windows platform there are many disk file systems. Since they create their operating system, they have
introduced many file systems with growing performances. There I have mentioned file systems they have used.
I. FAT (File Allocation Table)
II. HPFS (High Performance File System)
III. NTFS (New Technology File System)
IV. ExFAT (Extended File Allocation Table)
V. ReFS (Resilient File System)
In this project I am going to find out about NTFS.
History of NTFS
This file system was introduced by Microsoft in 1993 begging with Windows NT 3.1 operating system. Later
this is used in windows 2000, Windows XP, Windows 7, and Windows 8 and also in windows server 2003,
Windows server 2008 and Windows server 2012.
In the 1980s, IBM and Microsoft, we established a joint venture to create the next generation of graphical
operating systems. As a result of this project, which is located in OS / 2, do not agree with a number of
important issues, IBM and Microsoft are finally separated. OS / 2 is a project of IBM. Microsoft has launched
(citation needed) to run on Windows NT. The HPFS file system for OS / 2, which contains several important
new features. When you create a new operating system, Microsoft is, they borrowed many of the concepts
for NTFS.
Why Microsoft moved to New Technology File System?
Microsoft needed more supported file system to their operating system in 1993 Windows NT. After this
operating system they wanted to make high capacity operating systems with large HDD to done anything that
customer needed in these days. So they wanted to make new generation file system to achieve this purpose.
Then they moved to NTFS file system which is a great file system still using.
Since Windows NT was targeting businesses and corporations, the reliability of the data stored on the system
became more of a priority that speed as in the case of home computer users. In a corporate environment, if a
system fails and data is lost, speed becomes irrelevant. To support recoverability, the new file system, NTFS,
provided file system recovery based upon a transaction-processing model as well as an improved write-
caching feature.
3. P a g e 2 | 9
Differences between main file systems
NTFS 5 NTFS ExFAT FAT32
Operating systems
Windows 2000
Windows XP
Windows Vista
Windows 7
Windows Server
2003
Windows Server
2008
Windows NT
Windows 2000
Windows XP
Windows Vista
Windows 7
Windows Server
2003
Windows Server
2008
Windows CE 6.0
Windows Vista
Windows 7
DOS v7
Windows 98
Windows ME
Windows 2000
Windows XP
Windows Vista
Windows 7
Windows Server
2003
Limitations
Max volume size 26 clusters minus 1
cluster
26 clusters minus 1
cluster
128PB 32GB for all OS,
2TB for some OS
Max files on volume 4,294,967,295 4,294,967,295 Unlimited 4,194,304
Max file size 264 bytes minus
1kb
244 bytes minus
64kb
16EB 4GB minus 2 bytes
Max cluster number 264 clusters minus 1 232 clusters minus 1 4294967295 4177918
Max file name Length Up to 255 Up to 255 Up to 255 Up to 255
File system features
Boot sector location First and last sector First and last sector Sectors 0 to 11 copy
in 12 to 23
First sector and
copy in sector #6
File attributes Standard and
custom
Standard and
custom
Standard set Standard set
Alternate streams Yes Yes No No
compression Yes Yes No No
Encryption Yes No No No
Object permission Yes Yes Yes No
Disk quotas Yes No No No
Sparse files Yes No No No
Reparse points Yes No No No
Volume mount Yes No No No
4. P a g e 3 | 9
Performance
Built in security Yes Yes Yes minimal ACL
only
No
Recoverability Yes Yes Yes if TFAT activated No
Performance Low on small
volumes high on
large
Low on small
volumes high on
large
High High on small
volumes low on
large
Disk space economy Max Max Max Average
Fault tolerance Max Max Yes if TFAT activated minimal
Versions
I. V1.0 Windows NT 3.1
II. V1.1 Windows NT 3.5
III. V1.2 Windows NT 3.51 and Windows NT 4.0
IV. V3.0 Windows 2000
V. V3.1 Windows XP
VI. V5.0 Windows
NTFS structure
Formatting a volume with the NTFS file system results in the creation of several system (metadata) files such
as $MFT — Master File Table, $Bitmap, $LogFile and others, which contains information about all the files
and folders on the NTFS volume.
Formatted NFTS volume
System filesMaster file tablePartition boot
sector
File area
5. P a g e 4 | 9
NTFS boot sector
When you format an NTFS volume, the format program allocates the first 16 sectors for the $Boot
metadata file. First sector, in fact, is a boot sector with a "bootstrap" code and the following 15 sectors
are the boot sector's IPL (initial program loader). To increase file system reliability the very last sector
an NTFS partition contains a spare copy of the boot sector.
There are two different structures.
I. BIOS parameter block
II. Volume boot code
NTFS Master File Table (MFT)
Each file on an NTFS volume is represented by a record in a special file called the master file table
(MFT). NTFS reserves the first 16 records of the table for special information. Each file on an NTFS
volume is represented by a record in a special file called the master file table (MFT). NTFS reserves the
first 16 records of the table for special information. Below you can see the Master File Table Structure.
6. P a g e 5 | 9
System Files
System File File Name MTF Record
Master File Table $Mft 0
Master File Table 2 $MftMirr 1
Log File $LogFile 2
Volume $Volume 3
Attribute definitions $AttrDef 4
Root file name index $ 5
Cluster bitmap $BitMap 6
Boot sector $Boot 7
Bad cluster file $BadClus 8
Security file $Secure 9
Upcase table $Upcase 10
NTFS extension file $Extend 11
Quota management file $Quota 24
Object ID file $Objid 25
Reparse point file $Reparse 26
File area
This area re served for the user and in this area, all your files to be stored.
MTF record for a small file or directory
This design is very fast file access. For example, if you have a list of names and addresses of the FAT file system
as a file, you can use the file allocation table. FAT directory entries, including File Allocation Table index. If you
want to see the file, the file allocation table FAT first states to ensure that this is available. Then, the file is
given a separate number for the chain, is the FAT file. You can file as soon as possible, NTFS, see, but to be
used as.
Only the file as a record, master file table entries contained in the directory. Instead, information, directory,
index information is available. There are quite a few of the MFT file record. MFT cannot be included in the
directory entry to record the foreign indicator B-tree is a great guide.
Standard
information
File or directory
name
Date or indexSecurity
description
7. P a g e 6 | 9
File attributes
Standard information Includes information such as Timestamp and link count.
attribute Displays a list of all the attribute data that do not fit in the MFT record.
filename A repeatable attribute for both short filenames. The long file can be up to 255
characters Unicode. The short is 8.3, case-sensitive name for the file.
Additional names, or hard links, required by POSIX can be included as
additional attributes File name.
Security Descriptor Describes who owns the file and who can access it.
data Contains data files. NTFS allows multiple attributes for the file data. Each file
typically has one unnamed data attribute. A file can have one or more named
data attributes, each of which uses a special syntax.
object ID A unique volume ID file. Used by the distributed link tracking service. Not
everyone has the object identifier files.
Stream logged Utility Similar to a data stream, but operations logged in the log file just like NTFS
metadata changes NTFS. This is used by EFS.
Reparse Used for volume mount points. They are also used by the installable file
system (IFS) filter drivers to mark certain files as special to that driver.
Root Index Used to implement folders and other indicators.
allocation Index Used to implement folders and other indicators.
bitmap Used to implement folders and other indicators.
volume information Used only in the $ Volume system file. Contains the volume version.
volume Name Used only in the $ Volume system file. Contains the volume label.
Features of NTFS file system
I. Logging
II. Transaction – based
III. File and folder permission
IV. Disk quotas
V. Reparse points
VI. Sparse file support
VII. Compression
VIII. Encryption
IX. Alternate data streams
X. Recoverability
8. P a g e 7 | 9
Sparse files
Clusters that contain all zeros are not written to disk. Other thing is analysis considerations. A deleted
sparse file is hard to recovery. If file system metadata is deleted or corrupted, a sparse file might not
be recoverable.
File compression
Files that are compressed on an NTFS volume can be read and written by any Windows-based
application without first being decompressed by another program. Decompression happens
automatically during the read of the file. The file is compressed again when it is closed or saved.
Recoverability
The NTFS recovery disk recovery programs running in the volume NTFS rare, allows the user to NTFS
volumes using standard recovery techniques to ensure the transaction log. In case of a system error
log files, and automatically restore the file system NTFS checkpoint. For more information about how
to restore your system to recover the data, and the Emergency Repair Disk (ERD).
Encrypting
Uses both symmetric key encrypting (DESX) and asymmetric key encryption (RSA). Generates a single
file encryption key (FEK) and encrypts file with FEK using DESX. It stores FEK with file. FEK is encrypted
with the public key of the user. FEK to decrypt the user's private key. If the policy allow, is also
encrypted FEK using the public key of the recovery agent and (Decrypting the private key recovery
Agent).
Alternate data streams
This means data added to a file. It almost impossible to detect with normal file browsing techniques.
9. P a g e 8 | 9
Advantages of NTFS file system
I. Faster access speed – This file system minimizes the number of accesses required to find a file.
II. File and folder security – In this NTFS you are allowed to use the files and folders that you specify, or
permissions and access levels you can gain access to. Users in a shared folder on the computer and
files stored in files, the NTFS file and folder permissions on the files to a network for users to access
and apply. In addition, when you use the NTFS file and folder with a combination of shared folder
permissions manipulated.
III. Boot sector can be backed up
IV. Disk quotas can be set
V. Can format volumes up to 2TB
VI. NTFS file system is used also in Mac OS x and Linux operating systems.
Disadvantages of NTFS file system
I. This file system is not applicable for MS DOS, Windows 95, and Windows 98.
II. It is slow when using small disks.
Extra
Creating an NTFS file
1. Read volume boot sector to locate MFT.
2. Read first entry in MFT to determine layout of MFT.
3. Allocate an MFT entry for the new file.
4. Initialize MFT entry with $STANDARD_INFORMATION, etc.
5. Check MFT $Bitmap to find free clusters, using best-fit algorithm.
6. Set corresponding $Bitmap bits to 1.
7. Write file content to clusters and update $DATA attribute with starting address of cluster run and run length.
8. Read root directory (MFT entry 5), traverse index, and find dir1.
9. Read $INDEX_ROOT attribute for dir1 and determine where file1.txt should go.
10. Create new index entry; resort index tree.
11. Enter steps in $LogFile (as each step is taken).
10. P a g e 9 | 9
Conclusion
Windows NTFS file system, a strong expansion such Greece previous file systems, FAT (File Allocation Table)
file system and HPFS (High Performance File System). NTFS, capacity added therefore, using fault tolerance
and redundant data, and file security, Support for mission critical applications used by businesses and
organizations data integrity and high performance requirements. Microsoft as a result of efforts file system,
such as data security and the security of the space on the disk.
References
http://www.ntfs.com
http://en.wikipedia.org/wiki/NTFS/
http://support.microsoft.com/
http://technet.microsoft.com/
NTFS concepts by Priscilla Oppenheimer