NTFS Metadata files

Upon initializing NTFS on a disk, 11 metadata files are created in which NTFS
stores data associated with disk management. Don’t try to delete them. They are
the heart of NTFS. (actually I don’t think you can). In any case, should you
find them, they are not the odd remains of the latest virus or trojan. Metadata
files are typically invisible but you can see them by typing

dir /ah metadatafilename

For example, dir /ah $mft

The metadata files and description:

$MFT – Master File Table
$MFTMIRR – Copy of the first 16 records of the MFT
$LOGFILE – Transactional logging file
$VOLUME – Volume serial number, creation time, and dirty
$ATTRDEF – Attribute definitions
. – Root
directory of the disk
$BITMAP – Contains drive’s
cluster map (in-use vs. free)
$BOOT – Boot record of
the drive
$BADCLUS – Lists bad clusters on the
$QUOTA – Contains user quota information
(implemented in W2k as $Secure)
$UPCASE – Maps lowercase characters to their uppercase

NTFS Tips:

Managing Shared Resources and Resource Security
Between FAT and NTFS

versus NTFS Permissions

Security, Part 2: Implementing NTFS Special Permissions on Your Web Site

Getting the Most from IIS Security
NTFS Permissions
Cancel an NTFS conversion

NT equivalents of
NetWare Rights

NTFS from DOS, Win95 or Win98 using NTFSDOS driver

NTFS Last Access TimeStamp

xcopy – keep attributes

How To Remove Files
with Reserved Names such as LPT1 or PRN

NTFS Metadata files
Disable NTs 8.3 aliases for
LFNs under NTFS

displays which NTFS files have alternate streams content

VolumeID changes NT and FAT volume

Create a NTFS
partition over 4GB during installation

Windows NT NTFS Directory

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top