2. NTFS Files: $MFT (0)
2.1. Overview
In NTFS, everything on disk is a file. Even the metadata is stored as a set of files. The Master File Table (MFT) is an index of every file on the volume. For each file, the MFT keeps a set of records called attributes and each attribute stores a different type of information.

2.2. $MFT Attributes
Table 3.2. $MFT Attributes

Type	Description	Name
0x10	$STANDARD_INFORMATION
0x30	$FILE_NAME	$MFT
0x80	$DATA	[Unnamed]
0xB0	$BITMAP	[Unnamed]

2.3. Layout of the File
2.3.1. Unnamed Data Stream
The description of each file is packed into FILE records. If one record is not large enough (this is unusual), then an $ATTRIBUTE_LISTattribute is needed. The first 24 FILE records are reserved for the system files. Fora full list see the Files page.

Table 3.3. Sample records from the beginning of $MFT

Inode	Filename	Description
0	$MFT	Master File Table - An index of every file
1	$MFTMirr	A backup copy of the first 4 records of the MFT
2	$LogFile	Transactional logging file
3	$Volume	Serial number, creation time, dirty flag
...	...	...

2.4. Notes
2.4.1. MFT Zone
To prevent the MFT becoming fragmented, Windows maintains a buffer around it. No new files will be created in this buffer region until the other disk space is used up. The buffer size is configurable and can be 12.5%, 25%, 37.5% or 50% of the disk. Each time the rest of the disk becomes full, the buffer size is halved.

2.4.2. Other Information
The MFT is self-referencing. The MFT has some space reserved for future expansion. MFT records 12 - 15 are marked as in use, but are empty. MFT records 16- 23 are marked as not in use, however they are never used. Under Windows, the MFT cannot shrink whilst the system is running.

As we had mentioned, MFT can record itself. We suggest that you can use a tool named WinHex to view the material attributes. Further more, the most attributes which we had mentioned you can find them in MFT as a file.

Trackback: http://blog.easeus.com/action.php?action=tb&id=80

Tags: windows,NTFS,xp,ntfs,attribute