Difference between revisions of "Common Log File System (CLFS)"

From Forensics Wiki
Line 3: Line 3:
 
== Overview ==
 
== Overview ==
 
The CLFS uses a base log file (.blf) and one or more container files.
 
The CLFS uses a base log file (.blf) and one or more container files.
 +
 +
== Implementation ==
 +
 +
In Windows Vista the CLFS is implemented as a driver named: clfs.sys. User space equivalent functionality is provided by clfsw32.dll, which communicates to the driver by DeviceIoControl calls.
  
 
== External links ==
 
== External links ==
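
Review bot: the added Implementation paragraph names clfs.sys and clfsw32.dll without citing a source; point it at the MSDN page already listed under External links, or add a reference. In the same paragraph, "a driver named: clfs.sys" does not need the colon, and "communicates to the driver by DeviceIoControl calls" reads better as "communicates with the driver through DeviceIoControl calls". "In Windows Vista" can also be read as Vista-only, so state the scope explicitly if it is known.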

Revision as of 16:18, 27 November 2010

The Common Log File System (CLFS) is a special-purpose file (sub)system designed for transaction logging and/or recovery. The CLFS is not a file system in the traditional sense of a disk file system, but rather a logical (special-purpose) file system that operates in combination with a disk file system like NTFS.

Overview

The CLFS uses a base log file (.blf) and one or more container files.

Implementation

In Windows Vista, the CLFS is implemented as a driver named clfs.sys. Equivalent user-space functionality is provided by clfsw32.dll, which communicates with the driver through DeviceIoControl calls.

External links

MSDN on Common Log File System

Wikipedia on Common Log File System