NTFS Flashcards
NTFS (New Technology File System) is a file system used by the Windows operating system to manage and organize files on storage devices.
Describe the history of NTFS
When was it developed?
What did in-use file systems lack?
release date for
1.0
1.1
1.2
3.0
New Technology File System, was developed beginning in the late 1980s and early 1990s. The Microsoft file systems in use, at that time, HPFS for OS/2 and FAT12/16, lacked networking capabilities.Version
1.0, was released in 1993 and was utilized by NT 3.1.
Version 1.1 was released in 1994 with the advent of NT 3.5.
Version 1.2 was an update that was available for NT 3.51 and NT 4.0 mid-1995 and mid-1996.
Windows 2000 and above are utilizing either version 3.0 or 3.1 in Windows XP and with small changes in Windows Vista and Windows 7 as their core file systems.
What are some features of NTFS?
alternate data streams, quotas, sparse files, re-parse points, volume mount points, directory junctions, hard links, hierarchical storage management, file encryption and compression, and high performance.
In NTFS (New Technology File System), a sparse file is a type of file that efficiently represents a large amount of data with mostly empty or sparse regions. Sparse files are used to optimize disk space usage and minimize the storage required for files that contain a lot of empty or zero-filled areas.
What is little endian?
Microprocessors are discerned by the position where they store the byte of lowest value within a data type. Intel places the byte of lowest value at the first position. Data types consisting of more than one byte (e.g. 32 bit integer) will be stored starting with the lowest value byte (“little end”) and ending with the byte of highest value.
Describe MBR partitioning?
The partition information is stored in the Master Boot Record (MBR). It stores the boot information at sector 0 and can hold up to four primary partitions, smaller or equal to 2 TB each under Windows. It contains the MBR Disk Signature, the master boot code and the partition table. The MBR Disk Signature is located in the MBR and it is a 4-byte value. It is written in the MBR at decimal offset 440
Where does the Windows registry store the MBR signature?
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
What does the mounted devices registry key store about the MBR signature?
It associates disk partitions and drive letters. This 4-byte value is written to the disk. If the disk does not have a MBR Disk Signature, windows will create one for it.We can see the value D7 E3 94 6D, however, there are 8 bytes of information that immediately follow it. Those bytes are the byte offset of the location of the beginning of the partition. To ascertain the sector address convert the 8 bytes to little endian, then a decimal value and divide by the sector size in bytes.
What is the other partitioning scheme apart from MBR?
GUID partition table (GPT) disks are similar to MBR disks, except they use primary and backup partition structures to provide redundancy. These structures are located at the beginning and the end of the disk.
Describe the GPT structure.
GPT identifies structures by their logical block address (LBA) rather than by their relative sectors. The GUID partition table (GPT) disk partitioning style supports volumes up to 18 Exabyte’s in size and up to 128 partitions per disk, compared to the master boot record (MBR) disk partitioning style, which supports volumes up to 2 terabytes in size and up to 4 primary partitions per disk (or three primary partitions, one extended partition, and unlimited logical drives).
What is the boot sector?
Bootable partition that stores information about the layout of the volume and the file system structures, as well as the boot code that loads Ntdlr.
NTLDR (short for NT Loader) is a component of the Windows NT operating system family, including Windows NT, Windows 2000, Windows XP, and Windows Server 2003. It is responsible for loading the operating system kernel and essential system files during the boot process.
What is the Master Boot Record?
Contains executable code that the system BIOS loads into memory. The code scans the MBR to find the partition table to determine which partition is the active, or bootable, partition.
What is a cluster?
A cluster (or allocation unit) is the smallest amount of disk space that can be allocated to hold a file. NTFS organizes hard disks based on cluster size, which is determined by the number of sectors (units of storage on a hard disk) that the cluster contains. For example, on a disk that uses 512-byte sectors, a 512-byte cluster contains one sector, whereas a 4-kilobyte (KB) cluster contains eight sectors.
How are clusters organised within a NTFS volume?
Clusters on an NTFS volume are numbered sequentially from the beginning of the partition into logical cluster numbers. On NTFS volumes, clusters start at sector zero; therefore, every cluster is aligned on the cluster boundary. Contiguous clusters for file storage allow for faster processing of a file.
What are the limitations of cluster sizes?
NTFS uses different cluster sizes depending on the size of the volume therefore, each file system has a maximum number of clusters it can support. The smaller the cluster size, the more efficiently a disk potentially stores information because unused space within a cluster cannot be used by other files. And the more clusters a file system supports, the larger the volumes you can create and format by using a particular file system.
What are the NTFS file limits?
Maximum file size Architecturally: 16 exabytes minus 1 KB (2^64 bytes minus 1 KB)
Implementation: 16 terabytes minus 64 KB (2^44 bytes minus 64 KB)
Files per volume 4,294,967,295 (2^32 minus 1 file)
What is NTFS?
Primary file system for Windows.
What are the features of NTFS?
Security descriptors encryption disk quotas rich metadata.
What is the use of Cluster Shared Volumes (CSV)? (NTFS can be used with it)
Provide continuously available volumes that can be accessed simultaneously from multiple nodes of a failover cluster.
What is the newer file system than NTFS?
Resilient File System (ReFS).
How does NTFS restore consistency after a system failure?
Uses log file and checkpoint information.
What happens after a bad-sector error?
NTFS dynamically remaps the cluster.
What is self-healing NTFS?
Continuously monitors and corrects transient corruption issues.
Transient corruption issues refer to temporary or intermittent errors or corruptions that occur in computer systems or data. These corruptions are typically short-lived and not persistent, meaning they do not permanently alter or damage the data or system.
When was self-healing NTFS introduced?
Windows Server 2008.
What is the Chkdsk utility?
Scans and analyzes the drive for larger corruption issues while the volume is online
Where can you use the Chkdsk utility ?
Windows Server 2012 and later.
What is the downtime required for Chkdsk utility when using NTFS with Cluster Shared Volumes?
When you use NTFS with Cluster Shared Volumes no downtime is required.
What is the benefit of using NTFS with Cluster Shared Volumes?
No downtime required.
Access Control List (ACL)-based security for files and folders: NTFS lets you
set permissions on a file or folder specify the groups and users whose access you want to restrict or allow and select access type.
What is the purpose of BitLocker Drive Encryption in NTFS? Module?
Protect data from unauthorized access. BitLocker provides support for device encryption on x86 and x64-based computers with a Trusted Platform Module (TPM) that supports connected stand-by (previously available only on Windows RT devices). Device encryption helps protect data on Windows-based computers
What is the purpose of disk quotas in NTFS?
Track and control the amount of disk space used by users.
What is the purpose of rich metadata in NTFS?
Store additional information about files and folders enhances the capabilities and functionality of the file system by enabling the storage of extended properties and descriptive data beyond the basic file attributes.
