Chapter 5
geometry
A disk drive's internal organization of platters, tracks, and sectors
ReFS
A new file system developed for Windows Server 2012. It allows increased scalability for disk storage and improved features for data recovery and error checking
registry
A windows database containing information about hardware and software configurations, network connections, user preferences, setup information, and other critical information
wear-leveling
An internal firmware feature used in a solid-state drives that ensures even wear of read/writes for all memory cells
virtual machines
Emulated computer environments that simulate hardware and can be used for running OSs separate from the physical(host computer)
metadata
In NTFS, this term refers to information stored in the MFT
bootstrap process
Information contained in ROM that a computer accesses during startup; this information tells the computer how to access the OS and hard drive.
MFT
NTFS uses this database to store and link to files. It contains information about access rights, date and time stamps, system attributes, and other information about files
LCN
Numbers the MFT used to refer to a specific physical location on a disks partition. LCN becomes the address that allows the MFT to read and write data to the disk's nonresidental attribute area
ZBR
The method most manufactures use to deal with a platter's inner tracks being shorter that the outer tracks. Grouping tracks by zones ensures that all tracks hold the same amount of data
areal density
The number of bits per square inch of a disk platter.
file system
The way files are stored on a disk; gives an OS a road map to data on a disk
VCN
When a large file is saved in NTFS, its assigned a logical cluster number specifying a location on the partition. Large files are referred to as nonresident files.
cylinder
a column of tracks on two or more disk platters
partition
a logical drive on a disk. It can be entire disk or part of disk
head and cylinder skew
a method manufactures use to minimize lag time. The starting sectors or tracks are slightly offset from each other to move the read write head
one-time passphrase
a password used to access special accounts or programs requiring high level security. used once then expires
EFS
a public/private key encryption with a symmetric key, and then a public/private key is used to encrypt the symmetric key first used in Windows 200 on NTFS
sector
a section on a track, typically made up of 512 bytes
data runs
cluster addresses where files are stored on a drive's partition outside the MFT record. Data runs are used for nonresident MFT file records.
tracks
concentric circles on a disk platter where data is stored
attribute ID
in NTFS, an MFT record field containing metadata about the file or folder and the file's data or links to the file's data.
MBR
on Windows and DOS computer systems, this boot disk file contains information about partitions on a disk and their locations, size, and other in important information
unallocated disk space
partition disk space that isn't allocated to a file. This space might contain data from files that have been previously deleted
clusters
storage allocation units composes of groups of sectors. Clusters are 512,1024,2048, or 4096 bytes each
physical address
the actual sectors in which files are located. Sectors reside at the hardware and firmware level.
head
the device that reads and writes data to a drive
NTFS
the file system Microsoft created to replace FAT. Uses more security features, allows smaller clusters sizes, and uses Unicode, which makes it more versitile
recovery certificate
the method NTFS uses so that a network admin can recover encrypted files if the file's user/creator loses the private key encryption code
FAT
the original Microsoft file structure database. It's written to the outermost track of the disk and contains information about each file stored on the drive.
track density
the space between tracks on a disk. The smaller the space between tracks, the more track on a disk. Older drives with wider track densities allowed the heads to wander
RAM slack
the unused space between end of file and end of sector used by the active file in a cluster. Any data found in RAM is used to fill this space. Older file systems
file slack
the unused space created when a file is saved. If the allocated space is larger than the file.
drive slack
unused space in a cluster between the end of an active file and end of cluster. It can contain deleted files, emails, or file fragments. Drive slack made up of both file slack and RAM slack
partition gap
unused space or void between the primary partition and the first logical partition
private key
used to decrypt the file. File owner keeps
public key
used to encrypt the file. held by a certificate
alternative data streams
ways in which data can be appended to a file (intentionally or not) and potentially obscure evidentiary data. In NTFS, alternate data streams become an additional file attribute.
