Difference between pages "How to recover deleted files" and "Common Log File System (CLFS)"
From Forensics Wiki
(Difference between pages)
Uwe Hermann (Talk | contribs) m (HowTo:Sleuth Kit moved to How to recover deleted files: Moved title to name of the HOWTO. I'll create a "Howtos" category now, where we can put all the HOWTOs...) |
Joachim Metz (Talk | contribs) (→Overview) |
||
| Line 1: | Line 1: | ||
| − | + | The '''Common Log File System''' ('''CLFS''') is a special purpose file (sub)system designed for transaction logging and/or recovery. The CLFS is not a file system in the traditional meaning of a disk file system, but more of a logical (special purpose) file system that operates in combination with a disk file system like [[NTFS]]. | |
| − | * [http:// | + | == Overview == |
| + | A CLFS log consists of a base log file (.blf) and one or more container files. | ||
| + | |||
| + | There are two types of logs: | ||
| + | * dedicated logs; contains a single stream of log record. | ||
| + | * multiplexed (or common ) logs; contains several streams of log records. | ||
| + | |||
| + | == Implementation == | ||
| + | |||
| + | In Windows Vista the CLFS is implemented as a driver named: clfs.sys. User space equivalent functionality is provided by clfsw32.dll, which communicates to the driver by DeviceIoControl calls. | ||
| + | |||
| + | == External links == | ||
| + | [http://msdn.microsoft.com/en-us/library/bb986747%28VS.85%29.aspx MSDN on Common Log File System] | ||
| + | |||
| + | [http://en.wikipedia.org/wiki/Common_Log_File_System Wikipedia on Common Log File System] | ||
| + | |||
| + | [[Category:Logical file systems]] | ||
Revision as of 04:01, 3 December 2010
The Common Log File System (CLFS) is a special purpose file (sub)system designed for transaction logging and/or recovery. The CLFS is not a file system in the traditional meaning of a disk file system, but more of a logical (special purpose) file system that operates in combination with a disk file system like NTFS.
Overview
A CLFS log consists of a base log file (.blf) and one or more container files.
There are two types of logs:
- dedicated logs; contains a single stream of log record.
- multiplexed (or common ) logs; contains several streams of log records.
Implementation
In Windows Vista the CLFS is implemented as a driver named: clfs.sys. User space equivalent functionality is provided by clfsw32.dll, which communicates to the driver by DeviceIoControl calls.
