Difference between revisions of "Common Log File System (CLFS)"

From ForensicsWiki
Jump to: navigation, search
(External links)
(External links)
 
(7 intermediate revisions by the same user not shown)
Line 5: Line 5:
  
 
There are two types of logs:
 
There are two types of logs:
* dedicated logs; contains a single stream of log record.
+
* dedicated logs; contains a single stream of log records.
* multiplexed (or common ) logs; contains several streams of log records.
+
* multiplexed (or common) logs; contains several streams of log records.
  
 
== Implementation ==
 
== Implementation ==
Line 18: Line 18:
  
 
== External links ==
 
== External links ==
[http://msdn.microsoft.com/en-us/library/bb986747%28VS.85%29.aspx MSDN on Common Log File System]
+
* [http://msdn.microsoft.com/en-us/library/bb986747%28VS.85%29.aspx MSDN on Common Log File System]
 
+
* [http://en.wikipedia.org/wiki/Common_Log_File_System Wikipedia on Common Log File System]
[http://en.wikipedia.org/wiki/Common_Log_File_System Wikipedia on Common Log File System]
+
* [http://code.google.com/p/libfslibs/downloads/detail?name=Common%20Log%20File%20System%20%28CLFS%29.pdf Common Log File System (CLFS)], by the [[libfslibs|libfslibs project]], November 2010
  
 
[[Category:Logical file systems]]
 
[[Category:Logical file systems]]
 +
[[Category:File Systems]]

Latest revision as of 08:07, 30 September 2012

The Common Log File System (CLFS) is a special purpose file (sub)system designed for transaction logging and/or recovery. The CLFS is not a file system in the traditional meaning of a disk file system, but more of a logical (special purpose) file system that operates in combination with a disk file system like NTFS.

Overview

A CLFS log consists of a base log file (.blf) and one or more container files.

There are two types of logs:

  • dedicated logs; contains a single stream of log records.
  • multiplexed (or common) logs; contains several streams of log records.

Implementation

According to Wikipedia CLFS was introduced in Windows server 2003 R2.

In Windows Vista the CLFS is implemented as a driver named: clfs.sys. User space equivalent functionality is provided by clfsw32.dll, which communicates to the driver by DeviceIoControl calls.

Also see

Windows Internals 5 by Mark E. Russinovich and David A. Solomon

External links