The File System

Windows File System

The File System

  • The file system used in modern versions of Windows is the New Technology File System or simply NTFS.

  • Before NTFS, there was FAT16/FAT32 (File Allocation Table) and HPFS (High Performance File System).

  • FAT partitions are still in use today. For example, you typically see FAT partitions in USB devices, MicroSD cards, etc. but traditionally not on personal Windows computers/laptops or Windows servers.

  • NTFS is known as a journaling file system. In case of a failure, the file system can automatically repair the folders/files on disk using information stored in a log file. This function is not possible with FAT.

  • NTFS addresses many of the limitations of the previous file systems; such as:

    • Supports files larger than 4GB

    • Set specific permissions on folders and files

    • Folder and file compression

    • Encryption (Encryption File System or EFS)

  • On NTFS volumes, you can set permissions that grant or deny access to files and folders.

    The permissions are:

    • Full control: Permits reading, writing, modifying, and executing files and folders.

    • Modify: Permits reading, writing, and deletion of files and folders.

    • Read & Execute: Permits viewing, listing, and executing of files.

    • List folder contents: Permits viewing and listing of files and subfolders. (For folders only)

    • Read: Permits viewing and listing of files and their content.

    • Write: Permits adding of files and writing into them.

  • Another feature of NTFS is Alternate Data Streams (ADS). ADS is a file attribute specific to Windows NTFS.

  • From a security perspective, malware writers have used ADS to hide data.

Folder Structure

  • The Windows folder (C:\Windows) is traditionally known as the folder which contains the Windows operating system.

  • The folder doesn't have to reside in the C drive necessarily. It can reside in any other drive and technically can reside in a different folder.

  • This is where environment variables, more specifically system environment variables, the system environment variable for the Windows directory is %windir%.

  • Environment variables store information about the operating system environment. This information includes details such as the operating system path, the number of processors used by the operating system, and the location of temporary folders.

  • The System32 folder holds the important files that are critical for the operating system.

PreviousIntroductionNextUser Accounts

Last updated