Common Log File System (CLFS)

From Forensics Wiki
Revision as of 04:02, 3 December 2010 by Joachim Metz (Talk | contribs)

Jump to: navigation, search

The Common Log File System (CLFS) is a special purpose file (sub)system designed for transaction logging and/or recovery. The CLFS is not a file system in the traditional meaning of a disk file system, but more of a logical (special purpose) file system that operates in combination with a disk file system like NTFS.

Overview

A CLFS log consists of a base log file (.blf) and one or more container files.

There are two types of logs:

  • dedicated logs; contains a single stream of log record.
  • multiplexed (or common ) logs; contains several streams of log records.

Implementation

According to Wikipedia CLFS was introduced in Windows server 2003 R2.

In Windows Vista the CLFS is implemented as a driver named: clfs.sys. User space equivalent functionality is provided by clfsw32.dll, which communicates to the driver by DeviceIoControl calls.

External links

MSDN on Common Log File System

Wikipedia on Common Log File System

Retrieved from "http://www.forensicswiki.org/w/index.php?title=Common_Log_File_System_(CLFS)&oldid=10603"