Windows file system
FAT File System
FAT (File Allocation Table), developed by Microsoft, is a relatively uncomplicated file system supported by virtually all existing operating systems for personal computers. One reason the FAT file system is considered simple is that it has a small number of data structure types. There are two important data structures in FAT (the File Allocation Table and directory entries) that serve multiple purposes and belong to multiple categories of the model. The FAT file system does not contain any data that falls into the application category.
Basic concepts of FAT file system:
- Directory entry: Each file and directory is allocated a data structure, called a directory entry, that contains the file name, size, starting address of the file content, and other metadata.
- Clusters: File and directory content is stored in data units called clusters.
- FAT (File Allocation Table): If a file or directory has been allocated more than one cluster, the other clusters are found by using a structure called the FAT. The FAT structure is used to identify the next cluster in a file, and it is also used to identify the allocation status of clusters. Therefore, it is used in both the content and metadata categories. The File Allocation Table (FAT) is a list of entries that map to each cluster on the partition. Each entry records one of five things:
- The address of the next cluster in a chain
- A special end of file (EOF) character that indicates the end of a chain
- A special character to mark a bad cluster
- A special character to mark a reserved cluster and
- A zero to note that the cluster is unused.
The FAT is crucial to a FAT file system and has two purposes. It is used to determine the allocation status of a cluster and to find the next allocated cluster in a file or directory. There are typically two FATs in a FAT file system, but the exact number is given in the boot sector. The first FAT starts after the reserved sectors, the size of which is given in the boot sector. The total size of each FAT is also given in the boot sector, and the second FAT, if it exists, starts in the sector following the end of the first.
The table consists of equal-sized entries and has no header or footer values. The size of each entry depends on the file system version. There are three different versions of FAT: FAT12, FAT16, and FAT32. The major difference among them is the size of the entries in the FAT structure. FAT12 has 12-bit entries, FAT16 has 16-bit entries, and FAT32 has 32-bit entries.
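The following added example (not part of the original page) locates both FAT copies from the boot-sector fields described above and follows a cluster chain in a FAT16 table, rejecting looping or broken chains as a forensic parser must. The function names and the sample image are constructed for illustration; the field offsets and FAT16 marker values are those of the standard FAT on-disk layout.

```python
import struct

SECTOR = 512

def fat_layout(boot):
    """(offset, size) in bytes of every FAT copy, from boot-sector fields."""
    bps, = struct.unpack_from("<H", boot, 11)       # bytes per sector
    reserved, = struct.unpack_from("<H", boot, 14)  # reserved sectors before FAT 1
    copies = boot[16]                               # number of FATs
    fat_secs, = struct.unpack_from("<H", boot, 22)  # sectors per FAT (FAT12/16)
    return [((reserved + i * fat_secs) * bps, fat_secs * bps) for i in range(copies)]

def classify(entry):
    """Map a FAT16 entry to one of the five meanings listed in the text."""
    if entry == 0x0000:
        return "unused"
    if entry == 0xFFF7:
        return "bad"
    if entry >= 0xFFF8:
        return "eof"
    if entry == 0x0001 or entry >= 0xFFF0:
        return "reserved"
    return "next"

def follow_chain(fat, start):
    """Walk a chain to EOF; reject loops and unused/bad/reserved clusters."""
    chain, cur = [], start
    while True:
        if cur in chain or cur * 2 + 2 > len(fat):
            raise ValueError(f"corrupt chain at cluster {cur}")
        chain.append(cur)
        entry, = struct.unpack_from("<H", fat, cur * 2)
        kind = classify(entry)
        if kind == "eof":
            return chain
        if kind != "next":
            raise ValueError(f"cluster {cur} is marked {kind}")
        cur = entry

def build_sample_image(entries=(0xFFF8, 0xFFFF, 5, 0, 0xFFF7, 6, 9, 0, 0, 0xFFFF)):
    """Constructed FAT16 image: 1 reserved sector, then 2 one-sector FATs."""
    boot = bytearray(SECTOR)
    # bytes/sector @11, reserved sectors @14, FAT count @16, sectors per FAT @22
    struct.pack_into("<HxHB5xH", boot, 11, SECTOR, 1, 2, 1)
    fat = struct.pack(f"<{len(entries)}H", *entries).ljust(SECTOR, b"\0")
    return bytes(boot) + fat + fat

def read_fats(image):
    """Slice each FAT copy out of the image using the boot-sector layout."""
    return [image[o:o + n] for o, n in fat_layout(image[:SECTOR])]
```

Comparing the copies returned by `read_fats` is a quick integrity check: a mismatch between the first and second FAT indicates corruption or tampering in one of them.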
NTFS File System
NTFS (New Technology File System) is one of the most complex and successful file systems in existence at present. Being the standard file system for Windows NT, NTFS is also widely used in Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. NTFS has several improvements over FAT. NTFS was designed for reliability, security, and support for large storage devices. Scalability is provided by the use of generic data structures that wrap around data structures with specific content. As stated earlier, NTFS is standard in many Windows systems and is now becoming common in most of the free UNIX distributions.
NTFS has five versions:
- v1.0
- v1.1
- v1.2 found in NT 3.51 and NT 4
- v3.0 found in Windows 2000
- v3.1 found in Windows XP, Windows Server 2003, and Windows Vista
NTFS partition structure
An NTFS disk is characteristically divided into two parts.
- MFT area: The first 12% of the disk is assigned to the MFT; this is the space into which the MFT metafile grows. Recording any data in this area is impossible. The MFT area is always kept empty so that the most important service file (the MFT) does not become fragmented as it grows.
- The remaining 88% of the disk is ordinary space for file storage.
MFT Concepts
The Master File Table (MFT) is the heart of NTFS because it contains the information about all files and directories. Every file and directory has at least one entry in the table, and the entries by themselves are very simple. They are 1 KB in size, but only the first 42 bytes have a defined purpose. The remaining bytes store attributes, which are small data structures that have a very specific purpose. For example, one attribute is used to store the file's name, and another is used to store the file's content.
Like everything in NTFS, the MFT is a file. What makes this confusing is that the MFT has an entry for itself. The first entry in the table is named $MFT, and it describes the on-disk location of the MFT. In fact, it is the only place where the location of the MFT is described; therefore, you need to process it to determine the layout and size of the MFT. The starting location of the MFT is given in the boot sector, which is always located in the first sector of the file system.
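The lookup described above, as an added example that is not part of the original page: it reads the MFT start and entry size from the boot sector, then parses the header of entry 0 and lists its attribute types. The function names and sample image are constructed; the offsets are those of the standard NTFS on-disk layout, and per-sector fixup values are not applied.

```python
import struct

ATTR_NAMES = {0x10: "$STANDARD_INFORMATION", 0x30: "$FILE_NAME", 0x80: "$DATA"}

def mft_location(boot):
    """Return (byte offset of the MFT, bytes per MFT entry) from the boot sector."""
    bps, spc = struct.unpack_from("<HB", boot, 0x0B)   # bytes/sector, sectors/cluster
    mft_cluster, = struct.unpack_from("<Q", boot, 0x30)
    raw, = struct.unpack_from("<b", boot, 0x40)        # >0: clusters, <0: 2**-raw bytes
    cluster = bps * spc
    entry_size = raw * cluster if raw > 0 else 1 << -raw
    return mft_cluster * cluster, entry_size

def parse_entry(entry):
    """Decode the fixed header of one MFT entry, then list its attribute types."""
    if entry[:4] != b"FILE":
        raise ValueError("bad MFT entry signature")
    seq, links, first, flags, used, alloc = struct.unpack_from("<HHHHII", entry, 0x10)
    if not first <= used <= min(alloc, len(entry)):
        raise ValueError("inconsistent sizes in MFT entry header")
    attrs, off = [], first
    while off + 8 <= used:
        atype, length = struct.unpack_from("<II", entry, off)
        if atype == 0xFFFFFFFF:                        # end-of-attributes marker
            break
        if length < 8 or off + length > used:
            raise ValueError(f"bad attribute length at offset {off}")
        attrs.append(ATTR_NAMES.get(atype, hex(atype)))
        off += length
    return {"in_use": bool(flags & 1), "directory": bool(flags & 2),
            "sequence": seq, "links": links, "attributes": attrs}

def build_sample():
    """Constructed image: NTFS-style boot sector and one MFT entry at cluster 4."""
    img = bytearray(5 * 4096)
    struct.pack_into("<HB", img, 0x0B, 512, 8)
    struct.pack_into("<Q", img, 0x30, 4)
    struct.pack_into("<b", img, 0x40, -10)             # 2**10 = 1024-byte entries
    base = 4 * 4096
    struct.pack_into("<4s12xHHHHII", img, base, b"FILE", 1, 1, 0x38, 1, 336, 1024)
    off = base + 0x38
    for atype, length in ((0x10, 96), (0x30, 104), (0x80, 72), (0xFFFFFFFF, 0)):
        struct.pack_into("<II", img, off, atype, length)
        off += length
    return bytes(img)

def read_mft_entry0(image):  # entry 0 describes $MFT itself
    offset, size = mft_location(image[:512])
    return parse_entry(image[offset:offset + size])
```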
Metafiles
The first 16 NTFS files (metafiles) are system files. Each of them is responsible for some aspect of system operation. The metafiles are in the NTFS disk root directory, and their names start with the character "$", for example $MFT, $LogFile, $Bitmap, $Boot, etc.