Structure of $Secure File
The table below describes the MFT record structure of the file named $Secure.
$Secure file MFT record structure
| Attribute Type | Name | Description |
|---|---|---|
| $STANDARD_INFORMATION | | |
| $FILE_NAME | $Secure | |
| $DATA | $SDS | Security Descriptor Stream. Named data stream that contains a list of all the Security Descriptors on the volume. |
| $INDEX_ROOT | $SDH | Security Descriptor Hash index root |
| $INDEX_ROOT | $SII | Security ID index root |
| $INDEX_ALLOCATION | $SDH | Security Descriptor Hash index storage allocation table |
| $INDEX_ALLOCATION | $SII | Security ID Index storage allocation table |
| $BITMAP | $SDH | Security Descriptor Hash index bitmap |
| $BITMAP | $SII | Security ID Index bitmap |
The figure below shows the $SDS and two indexes that provide
access to the data stream: $SDH (Security Descriptor Hash) and $SII (Security ID
Index).
Figure 11 - $SDS Data Stream
Figure 11 illustrates that each entry in the file is
accompanied by two indexes:
- a Security Descriptor Hash for indexing purposes
- a Security ID, related to the MFT file record; this ID is unique for the NTFS volume and is used as a reference to the $SII index
The $SII index is sorted in ascending order by Security ID and
maps each Security ID to the security descriptor’s storage location in the $SDS
data attribute.
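The sketch below is an added example, not part of the original page: it walks a constructed $SDS buffer, checks each entry's stored hash, and rebuilds the Security ID to storage-location map that $SII provides. The 20-byte entry header (hash, Security ID, offset, length), the 16-byte entry alignment and the rotate-and-add hash are assumptions taken from public NTFS documentation, not from this page; the descriptor bytes are constructed placeholders.

```python
import struct

# Assumed $SDS entry header: hash (u32), Security ID (u32),
# offset of the entry within $SDS (u64), entry length incl. header (u32).
HEADER = struct.Struct("<IIQI")

def sd_hash(sd: bytes) -> int:
    """Assumed $SDH hash: rotate left by 3, then add each 32-bit LE word."""
    h = 0
    for (word,) in struct.iter_unpack("<I", sd[: len(sd) & ~3]):
        h = (word + ((h << 3) | (h >> 29))) & 0xFFFFFFFF
    return h

def make_entry(security_id: int, offset: int, sd: bytes) -> bytes:
    """Build one constructed $SDS entry, zero-padded to a 16-byte boundary."""
    raw = HEADER.pack(sd_hash(sd), security_id, offset, HEADER.size + len(sd)) + sd
    return raw + b"\x00" * (-len(raw) % 16)

def walk_sds(sds: bytes):
    """Yield (security_id, offset, length, consistent) for each entry."""
    pos = 0
    while pos + HEADER.size <= len(sds):
        stored_hash, sid, off, length = HEADER.unpack_from(sds, pos)
        if length < HEADER.size or pos + length > len(sds):
            break  # zero padding or a truncated entry: stop walking
        sd = sds[pos + HEADER.size : pos + length]
        # Consistent = stored hash matches the descriptor bytes and the
        # stored offset matches where the entry really sits.
        yield sid, off, length, (stored_hash == sd_hash(sd) and off == pos)
        pos += (length + 15) & ~15

def build_sii(sds: bytes) -> dict:
    """Security ID -> (offset, length), ascending by Security ID like $SII."""
    return dict(sorted((sid, (off, ln)) for sid, off, ln, _ in walk_sds(sds)))

# Constructed sample: two placeholder descriptors, stored out of ID order.
SD_A = bytes(range(20))
SD_B = bytes(range(32, 60))
SAMPLE_SDS = make_entry(0x101, 0, SD_A) + make_entry(0x100, 48, SD_B)

if __name__ == "__main__":
    for sid, (off, ln) in build_sii(SAMPLE_SDS).items():
        print(f"Security ID {sid:#x}: offset {off:#x}, length {ln}")
```

An entry whose stored hash or offset does not match its contents is flagged as inconsistent, which is a useful integrity check when examining a volume image.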