| Previous | Next |
| STATUS_INVALID_USER_BUFFER | STATUS_UNEXPECTED_MM_CREATE_ERR |
STATUS_UNEXPECTED_IO_ERROR
If an I/O error is returned which is not defined in the standard FsRtl filter, it is converted to the following error which is guaranteed to be in the filter. In this case information is lost, however, the filter correctly handles the exception.
Sparse files allow for the efficient storage of data sets that are very large yet contain many areas that only have zeros. Reparse points allow the object manager to reset a file namespace lookup and let file system drivers implement changed functionality in a transparent manner.
The Encrypting File System (EFS) introduced strong file system-level encryption to Windows. It allows any folder or drive on an NTFS volume to be encrypted transparently by the user. EFS works together with the EFS service, Microsoft’s CryptoAPI and the EFS File System Runtime Library (FSRTL). Up to this date, its encryption has not been compromised.
EFS works by encrypting a file with a bulk symmetric key (also known as the File Encryption Key, or FEK), which is used because it takes less time to encrypt and decrypt large amounts of data than if an asymmetric key cipher were used.
The symmetric key used to encrypt the file is then encrypted with a public key associated with the user who encrypted the file, and this encrypted data is stored in the header of the encrypted file.
To decrypt the file, the file system uses the private key of the user to decrypt the symmetric key stored in the file header. It then uses the symmetric key to decrypt the file. Because this is done at the file system level, it is transparent to the user.