Understanding NTFS Filesystems

Windows released the first iteration of the New Technology Filesystem (NTFS) with Windows NT in August 1993. Compared to FAT filesystems, NTFS is more robust, providing stronger security, greater recoverability, and better performance with regard to read, write, and search capabilities. Among its many features, NTFS supports long filenames, a highly granular system of file permissions and access control, compression of individual files and directories, and an encrypting filesystem. In addition, NTFS is a journaling filesystem, although Microsoft refers to this feature as logging. This feature, probably more than any other, gives tremendous stability to NTFS.

A filesystem’s most vulnerable point is when it ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.