Difference between pages "New Technology File System (NTFS)" and "User talk:Eric Knight"

From ForensicsWiki
 
m (Welcome!)
 
Line 1: Line 1:
The '''New Technology File System''' ('''NTFS''') is a [[file system]] developed and introduced by [[Microsoft]] in 1993 with [[Windows]] 3.1. As a replacement for the [[FAT]] file system, it quickly became the standard for [[Windows 2000]], [[Windows XP]] and [[Windows Server 2003]].
+
'''Welcome to ''Forensics Wiki''!'''
 
+
We hope you will contribute much and well.
The features of NTFS include:
+
You will probably want to read the [[Help:Contents|help pages]].
 
+
Again, welcome and have fun! [[User:.FUF|.FUF]] ([[User talk:.FUF|talk]]) 16:19, 5 June 2013 (CDT)
* [[Hard-links]]
+
* Improved performance, reliability and disk space utilization
+
* Security [[access control lists]]
+
* File system journaling
+
 
+
== Alternate Data Streams ==
+
The '''NTFS''' file system includes a feature referred to as Alternate Data Streams (ADSs). This feature has also been referred to as "multiple data streams", "alternative data streams", etc. ADSs were included in '''NTFS''' in order to support the resource forks employed by the Hierarchal File System (HFS) employed by Macintosh systems. 
+
 
+
As of [[Windows XP]] SP2, files downloaded via Internet Explorer, Outlook, and Windows Messenger were automatically given specific "zoneid" ADSs.  The Windows Explorer shell would then display a warning when the user attempted to execute these files (by double-clicking them).
+
 
+
Sysadmins should be aware that prior to Vista, there are no tools native to the [[Windows]] platform that would allow you to view the existence of arbitrary ADSs.  While ADSs can be created and their contents executed or viewed, it wasn't until the "/r" switch was introduced with the "dir" command on Vista that arbitrary ADSs would be visible.  Prior to this, tools such as [http://www.heysoft.de/Frames/f_sw_la_en.htm LADS] could be used to view the existence of these files.
+
 
+
Examiners should be aware that most forensic analysis applications, including EnCase and ProDiscover, will display ADSs found in acquired images in red.
+
 
+
== External links ==
+
* [http://en.wikipedia.org/wiki/NTFS Wikipedia: NTFS]
+
[[Category:Disk file systems]]
+
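Review bot: the first NTFS line says the file system was introduced "in 1993 with [[Windows]] 3.1", but NTFS shipped with Windows NT 3.1, so the product name there should read Windows NT 3.1. In the Alternate Data Streams paragraph, "Hierarchal File System" should be "Hierarchical File System". This comparison also pairs the NTFS article with an unrelated user talk page, so the NTFS lines and the welcome lines do not correspond to each other as a change.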

Latest revision as of 16:19, 5 June 2013

Welcome to Forensics Wiki! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! .FUF (talk) 16:19, 5 June 2013 (CDT)