Change Log for Windows Blocks (NTFS)

Question

Change Log for Windows Blocks (NTFS)

I wrote a backup tool capable of backing up files and volume images for Windows. To determine which files have been modified, I use the Windows change log. I already use the shadow copy function to make a consistent copy of files and volume images.

To determine which blocks have been changed, I use hashes at the moment. This means that the entire volume must be read once (because in order to see which block changed the hashes of all the blocks, you need to calculate it). The backup integrated in Windows 7 is capable of creating incremental volumes of images without checking all blocks. I could not find an API for a kind of block level change log.

Does anyone know how to access this information? (I'm ready to dive deep into the internal parts of NTFS - even reading and parsing special files)

+6

windows block ntfs

Uroni Nov 13 '10 at 13:33

source share

2 answers

Hannes de jager · Answer 1 · 2011-02-21T15:35:40+0000

I do not think that information about changing the level of a block is available anywhere. Most likely, what the integrated backup of Windows 7 does, it installs the File Filter Filter Driver , as some backup products and antivirus software do. The filter driver can intercept all calls to the file system and thus know which blocks have been changed. If you do this, you can create your own change log, which will work at the block level, but only for files that interest you.

I would really like to know the answer itself.

Jackobyte · Answer 2 · 2014-07-11T14:27:54+0000

When you say the Windows change log, as I understand it, do you mean NTFS USN? It looks like the Windows 7 backup uses a combination of VSC and NTFS USN to detect changes and create incremental images just like you already do.

Change Log for Windows Blocks (NTFS)

More articles: