Windows File System
The Windows file system is a hierarchical storage structure used by the Windows operating system to manage data on storage devices.
It supports multiple file systems, each with different capabilities and features designed to enhance security, performance, and compatibility.
| Name | Descriptions |
| --- | --- |
| FAT32 [File Allocation Table 32-bit] | Legacy file system, widely compatible but limited in features. Maximum file size: 4GB. No built-in security or encryption features. Ideal for USB flash drives and external storage requiring cross-platform compatibility. |
| NTFS [New Technology File System] | Default file system for modern Windows installations. Supports large files and partitions (up to 16EB in theory). Built-in file permissions and access control lists (ACLs). Supports file compression, encryption (EFS), and journaling for data integrity. Ideal for system drives and large storage solutions. |
| exFAT [Extended File Allocation Table] | Designed for flash storage [USB drives, SD cards, SSDs]. Supports large files (beyond FAT32 limitations). Lacks NTFS security features but offers better performance for removable storage. |
| ReFS [Resilient File System] | Designed for high-resilience storage, primarily used in Windows Server. Provides built-in error correction and integrity checks. Supports auto-healing without data loss. Not widely used in consumer editions of Windows. |
Windows File System Hierarchy
Unlike Linux, Windows does not use a single root directory (/).
Instead, it uses drive letters (e.g., C:\, D:\) to organize file storage.
Structure of a typical Windows file system:
Root Directories [Drive Letters]:
Each storage device is assigned a drive letter (e.g., C:\, D:\).
The C:\ drive is usually the system partition where Windows is installed.
System Directories:
C:\Program Files (x86)\ – Stores 32-bit applications on 64-bit systems.
C:\Program Files\ – Default location for installed applications.
C:\Temp\ – Temporary files used by the OS and applications.
C:\Windows\ – Contains core operating system files.
C:\Users\ – Houses user profiles and personal files.
User Directories:
C:\Users\[Username]\Documents\ – Default location for user documents.
C:\Users\[Username]\Downloads\ – Stores downloaded files.
C:\Users\[Username]\Desktop\ – User’s desktop storage.
C:\Users\[Username]\AppData\ – Stores user-specific application data:
Local\ – Stores temporary and cache files.
LocalLow\ – Used for low-integrity applications.
Roaming\ – Synchronizes settings across multiple devices (if using a domain account).
Hidden and System Files:
C:\hiberfil.sys – Hibernation file storing system state.
C:\$Recycle.Bin\ – Recycle Bin storage for deleted files.
C:\Pagefile.sys – Windows paging file (virtual memory swap).
C:\Windows\System32\ – Critical system files and executables.
C:\Windows\SysWOW64\ – Contains 32-bit libraries on 64-bit Windows.
File System Features
Access Control and Security
NTFS uses Access Control Lists (ACLs) for file and folder permissions.
Windows supports encryption via BitLocker and EFS.
Journaling and Data Integrity
NTFS and ReFS use journaling to track file changes and prevent corruption.
ReFS includes automatic error correction and self-healing features.
Compression and Encryption
NTFS supports built-in file compression and encryption via EFS.
Shadow Copies and Backups
Windows Volume Shadow Copy Service [VSS] enables backups and system restore points.
File Attributes
Windows files and folders have special attributes that control their behavior and visibility.
These attributes can be managed through File Explorer properties or command-line tools.
| Attribute | Description |
| --- | --- |
| Read-Only (R) | Prevents files from being modified or deleted. Useful for protecting important documents from accidental changes. |
| Hidden (H) | Makes files invisible in File Explorer by default. Can be viewed by enabling "Show hidden files" in Folder Options. Often used for system files and configuration files. |
| System (S) | Marks files as critical system files. Usually combined with Hidden attribute. Should not be modified without proper knowledge. |
| Archive (A) | Indicates files that have been modified since last backup. Used by backup software to identify which files need backing up. Automatically set when a file is created or modified. |
| Compressed (C) | Indicates file is compressed to save disk space. Only available on NTFS volumes. Files are automatically compressed/decompressed when accessed. |
| Encrypted (E) | File is encrypted using EFS (Encrypting File System). Only accessible by the user who encrypted it. Provides additional security layer for sensitive data. |
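An added example (not from the original page) that inventories hidden files under a folder and prints the six attribute letters from the table above for each one, so hidden scripts or executables in a user profile stand out during a review. The `$Root` default and the `$runnable` extension list are assumptions of this example.

```powershell
# Added example, not from the original page. $Root is an assumed start folder.
param([string]$Root = $env:USERPROFILE)

# Letter codes as shown by attrib, mapped to System.IO.FileAttributes flags.
$letters = [ordered]@{
    R = [System.IO.FileAttributes]::ReadOnly
    H = [System.IO.FileAttributes]::Hidden
    S = [System.IO.FileAttributes]::System
    A = [System.IO.FileAttributes]::Archive
    C = [System.IO.FileAttributes]::Compressed
    E = [System.IO.FileAttributes]::Encrypted
}

# Extensions treated as runnable content for this review (assumed list).
$runnable = '.exe', '.dll', '.ps1', '.bat', '.cmd', '.vbs', '.js'

# -Force is required, otherwise hidden and system files are skipped.
Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes.HasFlag([System.IO.FileAttributes]::Hidden) } |
    ForEach-Object {
        $file = $_
        # Collect the letter of every attribute that is set on this file.
        $set = foreach ($key in $letters.Keys) {
            if ($file.Attributes.HasFlag($letters[$key])) { $key }
        }
        [pscustomobject]@{
            Flags         = -join $set
            Runnable      = $runnable -contains $file.Extension.ToLower()
            LastWriteTime = $file.LastWriteTime
            Path          = $file.FullName
        }
    } |
    Sort-Object -Property @{ Expression = 'Runnable'; Descending = $true }, Path |
    Format-Table -AutoSize
```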
NTFS Permissions and Ownership
NTFS provides granular control over file and folder access through permissions and ownership.
Understanding these concepts is crucial for system security and multi-user environments.
Standard NTFS Permissions
| Permission | Capabilities |
| --- | --- |
| Full Control | Complete access to files and folders. Can read, write, modify, delete, and change permissions. Can take ownership of files. |
| Modify | Can read, write, modify, and delete files. Cannot change permissions or take ownership. |
| Read & Execute | Can view file contents and run executable files. Cannot modify or delete files. |
| Read | Can view file and folder contents. Cannot execute programs or make changes. |
| Write | Can create new files and folders. Can modify existing files but not delete them. |
| List Folder Contents | Folder-specific permission. Can view names of files and subfolders. Cannot read file contents. |
Permission Inheritance
Child folders and files inherit permissions from parent folders by default.
This simplifies permission management across directory structures.
Inheritance can be disabled for specific folders requiring custom permissions.
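An added example (not from the original page) of auditing the permissions and inheritance described above with `Get-Acl`: it lists subfolders where Everyone, Authenticated Users or BUILTIN\Users is allowed to change content, permissions or ownership, and shows whether each entry is inherited and whether inheritance is disabled on the folder. The `$Root` default and the choice of principals and rights are assumptions of this example.

```powershell
# Added example, not from the original page. $Root is an assumed start folder;
# the subfolders below it are checked.
param([string]$Root = (Get-Location).Path)

# Well-known SIDs for broad groups (display names are localized, SIDs are not).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal change content, permissions or ownership.
# Modify and Full Control both include bits from this mask.
# ACEs expressed only as generic rights are not matched by this check.
$changeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$sidType    = [System.Security.Principal.SecurityIdentifier]

Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.FullName
        try { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $path"; return }

        # Explicit and inherited entries, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if (-not $broadSids.ContainsKey($sid)) { continue }
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $changeMask) -eq 0) { continue }

            [pscustomobject]@{
                Path                = $path
                Principal           = $broadSids[$sid]
                Rights              = $ace.FileSystemRights
                Inherited           = $ace.IsInherited
                InheritanceDisabled = $acl.AreAccessRulesProtected
                Owner               = $acl.Owner
            }
        }
    } |
    Sort-Object Path, Principal |
    Format-Table -AutoSize -Wrap
```

Rows with `Inherited` set to False are explicit grants on that folder; rows with `InheritanceDisabled` set to True are folders that no longer follow their parent's permissions.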
File System Commands
Windows provides powerful command-line tools for file system management.
These commands can be executed in Command Prompt (CMD) or PowerShell.
Essential CMD Commands
Command Prompt File Operations
| Command | Purpose |
| --- | --- |
| dir | Lists files and directories in current location. dir /a - Shows hidden and system files. dir /s - Lists contents of all subdirectories. |
| cd [path] | Changes current directory. cd.. - Moves up one directory level. cd\ - Returns to root of current drive. |
| copy [source] [dest] | Copies files from source to destination. copy *.txt D:\ - Copies all .txt files to D drive. |
| xcopy [source] [dest] | Advanced copy with subdirectories and attributes. xcopy /s /e - Copies directories and subdirectories including empty ones. |
| move [source] [dest] | Moves files or renames files and directories. |
| del [filename] | Deletes one or more files. del /f - Forces deletion of read-only files. |
| mkdir [name] | Creates a new directory. md [name] - Alternative command. |
| rmdir [name] | Removes an empty directory. rmdir /s - Removes directory and all contents. |
| attrib | Displays or changes file attributes. attrib +h file.txt - Makes file hidden. attrib -r file.txt - Removes read-only attribute. |
| chkdsk [drive] | Checks disk for errors and repairs them. chkdsk C: /f - Fixes errors on C drive. chkdsk C: /r - Locates bad sectors and recovers data. |
| diskpart | Advanced disk partitioning and management utility. Requires administrative privileges. Used for formatting, creating, and managing partitions. |
| format [drive] | Formats a disk for use with Windows. format D: /fs:NTFS - Formats D drive with NTFS file system. WARNING: Deletes all data on the drive. |
PowerShell Commands
PowerShell File System Operations
| Command | Purpose |
| --- | --- |
| Get-ChildItem | Lists files and directories (equivalent to dir). Get-ChildItem -Force - Shows hidden files. Get-ChildItem -Recurse - Lists all subdirectories. |
| Set-Location [path] | Changes current directory (equivalent to cd). |
| Copy-Item | Copies files and directories. Copy-Item -Recurse - Copies with subdirectories. |
| Move-Item | Moves or renames files and directories. |
| Remove-Item | Deletes files and directories. Remove-Item -Recurse - Deletes directory and contents. |
| New-Item | Creates new files or directories. New-Item -ItemType Directory - Creates folder. New-Item -ItemType File - Creates file. |
| Get-Acl | Retrieves access control list (permissions) for files/folders. |
| Set-Acl | Sets access control list (permissions) for files/folders. |
| Get-Volume | Displays information about volumes (drives). |
| Repair-Volume | Performs repairs on a volume (similar to chkdsk). |