Home - Unknown
Previous
Next
Overview
This, final, section of the documentation is the place for all
the unanswered questions. Some relate to Windows' use of NTFS
and some are very technical. Your help is needed to fill in
the blanks. Thanks.
Unanswered Questions
- Why do some Metadata files on NTFS 3.0+ still have Security Descriptors?
-
On NTFS 3.0+, $Volume, $AttrDef, dot and $Boot have Security Descriptors.
Is this to save time at boot up?
Perhaps to reduce the number of files it has to parse?
Or is this the same as the previous question?
- $STANDARD_INFORMATION: Max Versions, Version Number and Class Id?
-
Are any of the three fields used?
- Is $UsnJrnl's $J Data Stream a fixed size?
-
Is it a fixed size? Does it wrap around like $LogFile?
- What does $UsnJrnl's $Max Data Stream do?
-
There's a time stamp, two fields that might be flags and a field
that might be a length.
- $MountMgrDatabase
-
What is the format of this stream?
- MFT (FILE) Records
-
Will we only see MFT Extension records with inodes < 23?
Is the sequence number always equal to the inode number for
the Metadata?
- MFT Mirr
-
How large is this if the cluster size is greater than 4kB?
- Collation
-
Is a collation type ULONGS equivalent to GUID?
- Security Descriptors
-
How are ACEs inherited?
copy questions to relevant pages and x-link
Copyright ©