[ The PC Guide | Systems and Components Reference Guide | Hard Disk Drives | Hard Disk Logical Structures and File Systems | New Technology File System (NTFS) | NTFS Reliability Features and System Management ]

Change (USN) Journals

When Windows 2000 was released, Microsoft created NTFS version 5.0, which included several new features and improvements over older versions of the file system. One of these was a new system management feature that is very useful for certain types of applications. Under Windows 2000, NTFS 5.0 partitions can be set to keep track of changes to files and directories on the volume, providing a record of what was done to the various objects and when. When enabled, the system records all changes made to the volume in the Change Journal, which is the name also used to describe the feature itself.

Change Journals work in a fairly simple manner. One journal is maintained for each NTFS volume, and it begins as an empty file. Whenever a change is made to the volume, a record is added to the file. Each record is identified by a 64-bit Update Sequence Number or USN. (In fact, Change Journals are sometimes called USN Journals.) Each record in the Change Journal contains the USN, the name of the file, and information about what the change was.

It's important to point out what the Change Journal does not contain, as much as what it does. The Change Journal describes the changes that took place, but does not include all the data or details associated with the change. So for example, if you write data to a particular file, the Change Journal will contain an entry that indicates that the data was written, but not the contents of the data itself. For this reason, the Change Journal cannot be used to "undo" operations on file system objects within NTFS. (It's frightening to think about just how much overhead the file system would consume if it tried to keep "undo" data for every file operation!)

The applications that could potentially make use of the Change Journal are many. For starters, it could be very useful for system-level utilities. For example, anti-virus programs could make use of change journals to detect unauthorized changes to files. Backup programs could also make use of the facility to determine which files had changed since the last time a backup was performed. Programs that perform system management tasks such as archival or replication could also make good use of this feature.

Next: Error Correction and Fault Tolerance

Home  -  Search  -  Topics  -  Up

The PC Guide (http://www.PCGuide.com)
Site Version: 2.2.0 - Version Date: April 17, 2001
© Copyright 1997-2004 Charles M. Kozierok. All Rights Reserved.

Not responsible for any loss resulting from the use of this site.
Please read the Site Guide before using this material.