Understanding NTFS Filesystems

Windows released the first iteration of the New Technology Filesystem (NTFS) with Windows NT in August 1993. Compared to FAT filesystems, NTFS is more robust, providing stronger security, greater recoverability, and better performance with regard to read, write, and search capabilities. Among its many features NTFS supports long filenames, a highly granular system of file permissions and access control, compression of individual files and directories, and an encrypting filesystem. In addition, NTFS is a journaling filesystem, although Microsoft refers to this feature as logging. This feature, probably more than any other feature, gives tremendous stability to NTFS.

A filesystem’s most vulnerable point is when it ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.