How FAT and NFTS differ

Learn how FAT and NFTS differ and uncover how these systems could have potential forensic implications on data recovery.

Serdar Yegulalp
Published: 17 May 2007

How do FAT file systems and NTFS file systems differ from one another, and what are the implications, if any, in regards to data recovery?

NTFS was designed to address many issues that surfaced with FAT; a number of which affect how evidence can be recovered from a hard disk drive in a forensic environment. For one, the MFT, or Master File Table (the NTFS version of FAT's File Allocation Table), typically exists in two copies on every NTFS volume, under the reserved filename $MftMirr. The duplicate MFT contains the first four records of the original MFT, in the event the original becomes damaged.

Another NTFS element that may have forensic implications is the presence of alternate data streams (ADS). ADS allows a file to be associated with more than one data batches on the disk (though the data in a file's ADS will be lost if it's moved to a non-NTFS volume). ADSes cannot be detected by a simple DIR command; they have to be revealed using specialized software.

To learn more about the potentially forensic implications, check out Microsoft's description of how NTFS works.

Dig Deeper on Windows Server troubleshooting

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Serdar Yegulalp

Even without an optical drive, data on a disc can be accessed

This week, our expert answers the question of how to get DVD data off a disc, even if the user's PC doesn't have an optical drive. Continue Reading

Can I plug a USB drive into a phone with a micro-USB connector?

This week, our expert answers a question on how to connect a phone or tablet to a USB drive with a micro-USB connector. Continue Reading

LibreOffice, OpenOffice are tempting but differ from Microsoft Office

Open source and free suites such as LibreOffice and OpenOffice could save organizations money, but not effort in comparison with Microsoft Office. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Windows Server experts

View all Windows Server questions and answers

SearchServerVirtualization

The beginner's guide to Hyper-V

Knowing Hyper-V beyond base functions is vital to getting your money's worth out of the product. You should understand features, ...

Don't buy a GPU for machine learning unless you have the workload

Virtual GPUs and machine learning might seem like a perfect match, but specialized chips might not be worth the investment if ...

Understand KubeVirt basics to help get you started

Getting to know KubeVirt prior to use is essential. Though it relies on core Kubernetes technology, running VMs alongside ...

SearchCloudComputing

VMware-Pivotal deal confirmed at $2.7 billion -- what's next?

VMware will plunk down $2.7 billion for Pivotal in a deal that has hallmarks of a family reunion, but could help drive a broader ...

Use modern cloud security best practices

Enterprises still worry about the security of cloud and if migrating will put data at risk. Explore modern methods, technologies ...

VMware acquisition of Intrinsic denotes bigger strategic plan

VMware has acquired Intrinsic, a maker of virtualization technology that secures Node.js applications on serverless environments ...

SearchSQLServer

SQL Server database design best practices and tips for DBAs

Good database design is a must to meet processing needs in SQL Server systems. In a webinar, consultant Koen Verbeeck offered ...

SQL Server in Azure database choices and what they offer users

SQL Server databases can be moved to the Azure cloud in several different ways. Here's what you'll get from each of the options ...

Using a LEFT OUTER JOIN vs. RIGHT OUTER JOIN in SQL

In this book excerpt, you'll learn LEFT OUTER JOIN vs. RIGHT OUTER JOIN techniques and find various examples for creating SQL ...

SearchEnterpriseDesktop

Windows 10 19H2 update brings few changes, more confusion

Windows 10 updates have plagued IT since the inception of the OS. Microsoft may be attempting to assuage IT's concerns with the ...

New Windows vulnerabilities reveal there is no rest for weary IT

The two latest Windows security vulnerabilities reiterate the importance for IT admins to stay diligent when updating and ...

7 questions to ensure UEM supports a Windows 10 migration

The right UEM platform will go a long way in streamlining a Windows 10 migration. Ask these questions to ensure your ...

SearchVirtualDesktop

How to identify and eliminate Citrix performance issues

Citrix performance issues can be difficult to deal with. Fortunately, there are ways to prevent them using a variety of ...

Get to know Citrix Virtual Apps and Desktops LTSR and CR

Determine the differences between Citrix Virtual Apps and Desktops LTSR and CR, and understand why many customers are reluctant ...

Customers can interact with new VMware DaaS product at VMworld

VMware's new desktop-as-a-service product will get some play at VMworld. How Managed Desktops differs from its Horizon 7 offering...

Dig Deeper on Windows Server troubleshooting

Related Q&A from Serdar Yegulalp

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.