When NTFS is initialized on a disk, 11 metadata files are created in which NTFS
stores data associated with disk management. Don’t try to delete them; they are
the heart of NTFS. (Actually, I don’t think you can.) In any case, should you
find them, they are not the odd remains of the latest virus or trojan. Metadata
files are typically invisible, but you can see them by typing:
dir /ah metadatafilename
For example:
dir /ah $mft
The metadata files and their descriptions:
$MFT – Master File Table
$MFTMIRR – Copy of the first 16 records of the MFT
$LOGFILE – Transactional logging file
$VOLUME – Volume serial number, creation time, and dirty flag
$ATTRDEF – Attribute definitions
. – Root directory of the disk
$BITMAP – Contains drive’s cluster map (in-use vs. free)
$BOOT – Boot record of the drive
$BADCLUS – Lists bad clusters on the drive
$QUOTA – Contains user quota information (implemented in W2k as $Secure)
$UPCASE – Maps lowercase characters to their uppercase version