Structure of $Secure File

The table below describes the MFT record structure of the file named $Secure.

$Secure file MFT record structure

| Attribute Type | Name | Description |
|---|---|---|
| $STANDARD_INFORMATION | | |
| $FILE_NAME | $Secure | |
| $DATA | $SDS | Security Descriptor Stream. Named data stream that contains a list of all the Security Descriptors on the volume. |
| $INDEX_ROOT | $SDH | Security Descriptor Hash index root |
| $INDEX_ROOT | $SII | Security ID index root |
| $INDEX_ALLOCATION | $SDH | Security Descriptor Hash index storage allocation table |
| $INDEX_ALLOCATION | $SII | Security ID Index storage allocation table |
| $BITMAP | $SDH | Security Descriptor Hash index bitmap |
| $BITMAP | $SII | Security ID Index bitmap |

The figure below shows the $SDS and two indexes that provide access to the data stream: $SDH (Security Descriptor Hash) and $SII (Security ID Index).

Figure: $SDS Data Stream

The figure illustrates that each entry in the $SDS stream is accompanied by two index values:

  • a Security Descriptor Hash for indexing purposes
  • a Security ID, related to the MFT file record; this ID is unique for the NTFS volume and is used as a reference to the $SII index

The $SII index is sorted in ascending order by Security ID and maps each Security ID to the security descriptor's storage location in the $SDS data attribute.
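
The relationship described above, as an added example that is not part of the original page: it walks a constructed $SDS-like stream and rebuilds the $SII mapping (Security ID to storage location) plus an $SDH-style grouping by hash. The 20-byte entry header and 16-byte alignment are assumptions taken from public NTFS documentation, not from this page, and the descriptor bytes and hashes are constructed placeholders.

```python
import struct

# Assumed layout (public NTFS documentation, not this page): each $SDS entry is a
# 20-byte header (hash u32, Security ID u32, offset u64, length u32) followed by
# the security descriptor, with entries aligned to 16 bytes.
HEADER = struct.Struct("<IIQI")

def build_sds(entries):
    """Build a constructed $SDS-like stream from (security_id, hash, sd_bytes) tuples."""
    stream = bytearray()
    for security_id, sd_hash, sd in entries:
        offset = len(stream)
        stream += HEADER.pack(sd_hash, security_id, offset, HEADER.size + len(sd)) + sd
        stream += b"\x00" * (-len(stream) % 16)  # pad to the next 16-byte boundary
    return bytes(stream)

def parse_sds(stream):
    """Walk the stream; return ($SII-style map, $SDH-style map)."""
    sii, sdh = {}, {}
    pos = 0
    while pos + HEADER.size <= len(stream):
        sd_hash, security_id, offset, length = HEADER.unpack_from(stream, pos)
        # Stop on zero padding or a header that does not describe its own position.
        if length < HEADER.size or offset != pos or pos + length > len(stream):
            break
        sii[security_id] = (offset, length)              # Security ID -> location in $SDS
        sdh.setdefault(sd_hash, []).append(security_id)  # hash -> candidate Security IDs
        pos += (length + 15) & ~15
    return dict(sorted(sii.items())), sdh                # $SII is sorted ascending by ID

def lookup(stream, sii, security_id):
    """Resolve a Security ID (as referenced from an MFT record) to descriptor bytes."""
    offset, length = sii[security_id]
    return stream[offset + HEADER.size:offset + length]

# Constructed sample: placeholder descriptor bytes and hashes, stored out of ID order.
SAMPLE = build_sds([
    (0x102, 0xAAAA0001, b"SD-A" * 5),
    (0x100, 0xBBBB0002, b"SD-B" * 3),
    (0x101, 0xAAAA0001, b"SD-C" * 7),
])

if __name__ == "__main__":
    sii, sdh = parse_sds(SAMPLE)
    for sid, (off, ln) in sii.items():
        print(f"Security ID {sid:#x}: offset {off}, length {ln}, {lookup(SAMPLE, sii, sid)[:4]!r}")
```

Two Security IDs sharing one hash in the sample shows why a hash match in $SDH only narrows the candidates; the descriptor bytes still have to be compared.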
