How FAT and NFTS differ

Learn how FAT and NFTS differ and uncover how these systems could have potential forensic implications on data recovery.

How do FAT file systems and NTFS file systems differ from one another, and what are the implications, if any, in regards to data recovery?

NTFS was designed to address many issues that surfaced with FAT; a number of which affect how evidence can be recovered from a hard disk drive in a forensic environment. For one, the MFT, or Master File Table (the NTFS version of FAT's File Allocation Table), typically exists in two copies on every NTFS volume, under the reserved filename $MftMirr. The duplicate MFT contains the first four records of the original MFT, in the event the original becomes damaged.

Another NTFS element that may have forensic implications is the presence of alternate data streams (ADS). ADS allows...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

a file to be associated with more than one data batches on the disk (though the data in a file's ADS will be lost if it's moved to a non-NTFS volume). ADSes cannot be detected by a simple DIR command; they have to be revealed using specialized software.

To learn more about the potentially forensic implications, check out Microsoft's description of how NTFS works.

This was last published in May 2007

Dig Deeper on Windows Server and Network Security

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Windows Server experts

View all Windows Server questions and answers

Related Resources

Dig Deeper on Windows Server and Network Security

Related Q&A from Serdar Yegulalp

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.