August 2000
Intermediate to advanced
800 pages
21h 5m
English
Content preview from Microsoft® Windows® 2000 Security Handbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Metadata
Recall that everything in NTFS is a file. That includes data that the file system uses internally for housekeeping. This data is called metadata. The MFT, for example, is implemented in a file called $Mft that is located in the root of all file systems. Table 4.1 shows the other metafiles used in NTFS 5. 0 volumes.
| Filename | Description |
|---|---|
| $Mft | Primary copy of the MFT |
| $MFTMirr | Mirror (backup) copy of the MFT |
| $LogFile | Transaction log |
| $Volume | Volume name and other general information |
| $AttrDef | List of attribute names, internal reference numbers, and descriptions |
| $. | Root folder |
| $Bitmap | Bitmap of the entire volume showing which clusters are in use and which are free |
| $Boot | Volume bootstrap (if bootable) |
| $BadClus | List of the bad ... |