The $MFT, $J, $LogFile, $T, and $I30 are all important components of the NTFS (New Technology File System) file system used in Windows operating systems.
$MFT (Master File Table):
Purpose: The $MFT, or Master File Table, serves as the central repository of metadata for all files and directories on an NTFS volume. It contains information such as file names, attributes, security descriptors, and data extents.
Structure: The $MFT is organized as a table consisting of fixed-size entries, with each entry representing a file, directory, or metadata object. Each entry has a unique identifier known as the MFT Record Number (also called the Inode Number).
Location: The $MFT is located at a fixed position near the beginning of the volume. It is crucial for the proper functioning of the file system and is allocated a portion of disk space during volume formatting.
$J (Journal):
Purpose: The $J, or journal, is an extension of the $LogFile and serves a similar purpose in maintaining the integrity of the file system. It records metadata changes made to files and directories, ensuring consistency in the event of system failures.
Functionality: Like the $LogFile, the $J logs transactions to facilitate recovery in case of system crashes or unexpected shutdowns. However, the $J provides additional capabilities, such as journaling data changes at the cluster level, for more efficient recovery and reduced risk of data corruption.
Location: The $J is typically located near the beginning of the volume, operating in conjunction with the $LogFile to provide comprehensive transaction logging and recovery capabilities.
$LogFile:
Purpose: The $LogFile maintains a record of transactions performed on the file system, ensuring the integrity and consistency of data. It logs changes before they are committed, allowing for recovery in case of system crashes or failures.
Functionality: Whenever a modification is made to the file system, such as creating, deleting, or modifying a file, the operation is first logged in the $LogFile. This logged information can be used to reconstruct the file system state and recover data.
Redundancy: To prevent data loss, the $LogFile maintains redundant copies of critical information, enabling recovery even if the primary log becomes corrupted.
$T (Transaction):
Purpose: The $T, or transaction metadata file, is part of the transactional NTFS feature introduced in Windows Vista and later versions. It stores metadata related to transactions, which are units of work performed on the file system.
Functionality: The $T file maintains information about transactions, such as transaction IDs, transaction state, and changes made during each transaction. This facilitates atomicity, consistency, isolation, and durability (ACID properties) in file system operations.
Location: The $T file is typically located in the root directory of the volume and is associated with the transactional NTFS feature.
$I30 (Index Allocation):
Purpose: The $I30 is an index allocation attribute used to store directory entries within a directory. It contains information about files and subdirectories, facilitating efficient directory traversal and file access.
Functionality: Each directory on an NTFS volume typically has an associated $I30 attribute, which stores references to files and subdirectories contained within that directory. This index allows for quick lookup and retrieval of directory entries.
Location: The $I30 attribute is part of the metadata associated with directories and is stored within the MFT entry corresponding to the directory.
Summary:
$MFT: Central repository of metadata for files and directories.
$J (Journal): Extension of the $LogFile for logging metadata changes and ensuring file system integrity.
$LogFile: Maintains a record of transactions to facilitate recovery in case of system crashes or failures.
$T (Transaction): Stores metadata related to transactions for ensuring ACID properties in file system operations.
$I30: Index allocation attribute used to store directory entries within directories, facilitating efficient file access and directory traversal.
Akash Patel
コメント