1.0 KiB
1.0 KiB
NTFS
- Has the following advantages over FAT
- Journaling
- ACL
- Volume Shadow Copy
- Alternate Data Stream
Master File Table
- VBR references to
$MFT $LOGFILEstores transactions of the file system$UsnJrnlchanged files, and reason for change
Caching
- File information is cached for frequent use in
C:\Windows\Prefetch\*.pf
- An SQLite database can be found under
C:\Users\<username>\AppData\Local\ConnectedDevicesPlatform\{randomfolder}\ActivitiesCache.db
Jumplist
- Stores recently used files of applications inside the taskbar
C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
Shortcut Files
C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Recent\
C:\Users\<username>\AppData\Roaming\Microsoft\Office\Recent\
Internet Explorer History
C:\Users\<username>\AppData\Local\Microsoft\Windows\WebCache\WebCacheV*.dat
Removeable Device Setup Log
C:\Windows\inf\setupapi.dev.log