NTFS FILE SYSTEM ASSIGNMENT #2
Ravi Yasas Jayasundara
ICT 2010 / 2011 / 013
P a g e 1 | 9
In a windows platform there are many disk file systems. Since they create their operating system, they have
introduced many file systems with growing performances. There I have mentioned file systems they have used.
I. FAT (File Allocation Table)
II. HPFS (High Performance File System)
III. NTFS (New Technology File System)
IV. ExFAT (Extended File Allocation Table)
V. ReFS (Resilient File System)
In this project I am going to find out about NTFS.
History of NTFS
This file system was introduced by Microsoft in 1993 begging with Windows NT 3.1 operating system. Later
this is used in windows 2000, Windows XP, Windows 7, and Windows 8 and also in windows server 2003,
Windows server 2008 and Windows server 2012.
In the 1980s, IBM and Microsoft, we established a joint venture to create the next generation of graphical
operating systems. As a result of this project, which is located in OS / 2, do not agree with a number of
important issues, IBM and Microsoft are finally separated. OS / 2 is a project of IBM. Microsoft has launched
(citation needed) to run on Windows NT. The HPFS file system for OS / 2, which contains several important
new features. When you create a new operating system, Microsoft is, they borrowed many of the concepts
Why Microsoft moved to New Technology File System?
Microsoft needed more supported file system to their operating system in 1993 Windows NT. After this
operating system they wanted to make high capacity operating systems with large HDD to done anything that
customer needed in these days. So they wanted to make new generation file system to achieve this purpose.
Then they moved to NTFS file system which is a great file system still using.
Since Windows NT was targeting businesses and corporations, the reliability of the data stored on the system
became more of a priority that speed as in the case of home computer users. In a corporate environment, if a
system fails and data is lost, speed becomes irrelevant. To support recoverability, the new file system, NTFS,
provided file system recovery based upon a transaction-processing model as well as an improved write-
P a g e 2 | 9
Differences between main file systems
NTFS 5 NTFS ExFAT FAT32
Windows CE 6.0
Max volume size 26 clusters minus 1
26 clusters minus 1
128PB 32GB for all OS,
2TB for some OS
Max files on volume 4,294,967,295 4,294,967,295 Unlimited 4,194,304
Max file size 264 bytes minus
244 bytes minus
16EB 4GB minus 2 bytes
Max cluster number 264 clusters minus 1 232 clusters minus 1 4294967295 4177918
Max file name Length Up to 255 Up to 255 Up to 255 Up to 255
File system features
Boot sector location First and last sector First and last sector Sectors 0 to 11 copy
in 12 to 23
First sector and
copy in sector #6
File attributes Standard and
Standard set Standard set
Alternate streams Yes Yes No No
compression Yes Yes No No
Encryption Yes No No No
Object permission Yes Yes Yes No
Disk quotas Yes No No No
Sparse files Yes No No No
Reparse points Yes No No No
Volume mount Yes No No No
P a g e 3 | 9
Built in security Yes Yes Yes minimal ACL
Recoverability Yes Yes Yes if TFAT activated No
Performance Low on small
volumes high on
Low on small
volumes high on
High High on small
volumes low on
Disk space economy Max Max Max Average
Fault tolerance Max Max Yes if TFAT activated minimal
I. V1.0 Windows NT 3.1
II. V1.1 Windows NT 3.5
III. V1.2 Windows NT 3.51 and Windows NT 4.0
IV. V3.0 Windows 2000
V. V3.1 Windows XP
VI. V5.0 Windows
Formatting a volume with the NTFS file system results in the creation of several system (metadata) files such
as $MFT — Master File Table, $Bitmap, $LogFile and others, which contains information about all the files
and folders on the NTFS volume.
Formatted NFTS volume
System filesMaster file tablePartition boot
P a g e 4 | 9
NTFS boot sector
When you format an NTFS volume, the format program allocates the first 16 sectors for the $Boot
metadata file. First sector, in fact, is a boot sector with a "bootstrap" code and the following 15 sectors
are the boot sector's IPL (initial program loader). To increase file system reliability the very last sector
an NTFS partition contains a spare copy of the boot sector.
There are two different structures.
I. BIOS parameter block
II. Volume boot code
NTFS Master File Table (MFT)
Each file on an NTFS volume is represented by a record in a special file called the master file table
(MFT). NTFS reserves the first 16 records of the table for special information. Each file on an NTFS
volume is represented by a record in a special file called the master file table (MFT). NTFS reserves the
first 16 records of the table for special information. Below you can see the Master File Table Structure.
P a g e 5 | 9
System File File Name MTF Record
Master File Table $Mft 0
Master File Table 2 $MftMirr 1
Log File $LogFile 2
Volume $Volume 3
Attribute definitions $AttrDef 4
Root file name index $ 5
Cluster bitmap $BitMap 6
Boot sector $Boot 7
Bad cluster file $BadClus 8
Security file $Secure 9
Upcase table $Upcase 10
NTFS extension file $Extend 11
Quota management file $Quota 24
Object ID file $Objid 25
Reparse point file $Reparse 26
This area re served for the user and in this area, all your files to be stored.
MTF record for a small file or directory
This design is very fast file access. For example, if you have a list of names and addresses of the FAT file system
as a file, you can use the file allocation table. FAT directory entries, including File Allocation Table index. If you
want to see the file, the file allocation table FAT first states to ensure that this is available. Then, the file is
given a separate number for the chain, is the FAT file. You can file as soon as possible, NTFS, see, but to be
Only the file as a record, master file table entries contained in the directory. Instead, information, directory,
index information is available. There are quite a few of the MFT file record. MFT cannot be included in the
directory entry to record the foreign indicator B-tree is a great guide.
File or directory
Date or indexSecurity
P a g e 6 | 9
Standard information Includes information such as Timestamp and link count.
attribute Displays a list of all the attribute data that do not fit in the MFT record.
filename A repeatable attribute for both short filenames. The long file can be up to 255
characters Unicode. The short is 8.3, case-sensitive name for the file.
Additional names, or hard links, required by POSIX can be included as
additional attributes File name.
Security Descriptor Describes who owns the file and who can access it.
data Contains data files. NTFS allows multiple attributes for the file data. Each file
typically has one unnamed data attribute. A file can have one or more named
data attributes, each of which uses a special syntax.
object ID A unique volume ID file. Used by the distributed link tracking service. Not
everyone has the object identifier files.
Stream logged Utility Similar to a data stream, but operations logged in the log file just like NTFS
metadata changes NTFS. This is used by EFS.
Reparse Used for volume mount points. They are also used by the installable file
system (IFS) filter drivers to mark certain files as special to that driver.
Root Index Used to implement folders and other indicators.
allocation Index Used to implement folders and other indicators.
bitmap Used to implement folders and other indicators.
volume information Used only in the $ Volume system file. Contains the volume version.
volume Name Used only in the $ Volume system file. Contains the volume label.
Features of NTFS file system
II. Transaction – based
III. File and folder permission
IV. Disk quotas
V. Reparse points
VI. Sparse file support
IX. Alternate data streams
P a g e 7 | 9
Clusters that contain all zeros are not written to disk. Other thing is analysis considerations. A deleted
sparse file is hard to recovery. If file system metadata is deleted or corrupted, a sparse file might not
Files that are compressed on an NTFS volume can be read and written by any Windows-based
application without first being decompressed by another program. Decompression happens
automatically during the read of the file. The file is compressed again when it is closed or saved.
The NTFS recovery disk recovery programs running in the volume NTFS rare, allows the user to NTFS
volumes using standard recovery techniques to ensure the transaction log. In case of a system error
log files, and automatically restore the file system NTFS checkpoint. For more information about how
to restore your system to recover the data, and the Emergency Repair Disk (ERD).
Uses both symmetric key encrypting (DESX) and asymmetric key encryption (RSA). Generates a single
file encryption key (FEK) and encrypts file with FEK using DESX. It stores FEK with file. FEK is encrypted
with the public key of the user. FEK to decrypt the user's private key. If the policy allow, is also
encrypted FEK using the public key of the recovery agent and (Decrypting the private key recovery
Alternate data streams
This means data added to a file. It almost impossible to detect with normal file browsing techniques.
P a g e 8 | 9
Advantages of NTFS file system
I. Faster access speed – This file system minimizes the number of accesses required to find a file.
II. File and folder security – In this NTFS you are allowed to use the files and folders that you specify, or
permissions and access levels you can gain access to. Users in a shared folder on the computer and
files stored in files, the NTFS file and folder permissions on the files to a network for users to access
and apply. In addition, when you use the NTFS file and folder with a combination of shared folder
III. Boot sector can be backed up
IV. Disk quotas can be set
V. Can format volumes up to 2TB
VI. NTFS file system is used also in Mac OS x and Linux operating systems.
Disadvantages of NTFS file system
I. This file system is not applicable for MS DOS, Windows 95, and Windows 98.
II. It is slow when using small disks.
Creating an NTFS file
1. Read volume boot sector to locate MFT.
2. Read first entry in MFT to determine layout of MFT.
3. Allocate an MFT entry for the new file.
4. Initialize MFT entry with $STANDARD_INFORMATION, etc.
5. Check MFT $Bitmap to find free clusters, using best-fit algorithm.
6. Set corresponding $Bitmap bits to 1.
7. Write file content to clusters and update $DATA attribute with starting address of cluster run and run length.
8. Read root directory (MFT entry 5), traverse index, and find dir1.
9. Read $INDEX_ROOT attribute for dir1 and determine where file1.txt should go.
10. Create new index entry; resort index tree.
11. Enter steps in $LogFile (as each step is taken).
P a g e 9 | 9
Windows NTFS file system, a strong expansion such Greece previous file systems, FAT (File Allocation Table)
file system and HPFS (High Performance File System). NTFS, capacity added therefore, using fault tolerance
and redundant data, and file security, Support for mission critical applications used by businesses and
organizations data integrity and high performance requirements. Microsoft as a result of efforts file system,
such as data security and the security of the space on the disk.
NTFS concepts by Priscilla Oppenheimer