FAT(File Allocation table)
This is one of the oldest file system used on Microsoft Windows since 1970s. As the name suggests, the File Allocation Table creates a table that indexes the location of bits that are allocated to different files.
- Clusters: The basics storage unit of FAT file system.
- Directory: it contains information about identification of a file.
- File Allocation Table: It is a linked list of all clusters.
NTFS(New Technology File System)
- The NTFS file system maintain logs of changes to the metadata in the volume.
- Access Control.
- Volume Shadow Copy
- Alternate Data Streams
- Master File Table
Use of MFT Explorer
MFTECmd.exe -f <path-to-$MFT-file> --csv <path-to-save-results-in-csv>
Recovering Deleted Files