Class: MftRecordFacet

"An MFT record facet is a grouping of characteristics unique to the details of a single file as managed in an NTFS (new technology filesystem) master file table (which is a collection of information about all files on an NTFS filesystem). [based on https://docs.microsoft.com/en-us/windows/win32/devnotes/master-file-table]"

URI: observable:MftRecordFacet

classDiagram
    class MftRecordFacet
    Facet <|-- MftRecordFacet
    MftRecordFacet : mftFileID
    MftRecordFacet ..> integer : mftFileID
    MftRecordFacet : mftFileNameAccessedTime
    MftRecordFacet ..> datetime : mftFileNameAccessedTime
    MftRecordFacet : mftFileNameCreatedTime
    MftRecordFacet ..> datetime : mftFileNameCreatedTime
    MftRecordFacet : mftFileNameLength
    MftRecordFacet ..> integer : mftFileNameLength
    MftRecordFacet : mftFileNameModifiedTime
    MftRecordFacet ..> datetime : mftFileNameModifiedTime
    MftRecordFacet : mftFileNameRecordChangeTme
    MftRecordFacet ..> datetime : mftFileNameRecordChangeTme
    MftRecordFacet : mftFlags
    MftRecordFacet ..> integer : mftFlags
    MftRecordFacet : mftParentID
    MftRecordFacet ..> integer : mftParentID
    MftRecordFacet : mftRecordChangeTime
    MftRecordFacet ..> datetime : mftRecordChangeTime
    MftRecordFacet : ntfsHardLinkCount
    MftRecordFacet ..> integer : ntfsHardLinkCount
    MftRecordFacet : ntfsOwnerID
    MftRecordFacet ..> string : ntfsOwnerID
    MftRecordFacet : ntfsOwnerSID
    MftRecordFacet ..> string : ntfsOwnerSID

Inheritance

Slots

| Name | Cardinality and Range | Description | Inheritance |
| --- | --- | --- | --- |
| mftFileNameAccessedTime | 0..1 xsd:dateTime | "The access date and time recorded in an MFT entry $ file_Name attribute | direct |
| mftFileNameCreatedTime | 0..1 xsd:dateTime | "The creationDate and time recorded in an MFT entry $ file_Name attribute | direct |
| mftFileNameModifiedTime | 0..1 xsd:dateTime | "The modification date and time recorded in an MFT entry $ file_Name attribut... | direct |
| mftFileNameRecordChangeTme | 0..1 xsd:dateTime | "The metadata modification date and time recorded in an MFT entry $ file_Name... | direct |
| mftRecordChangeTime | 0..1 xsd:dateTime | "The date and time at which an NTFS file metadata was last modified | direct |
| mftFileID | 0..1 xsd:integer | "Specifies the record number for the file within an NTFS Master file Table | direct |
| mftFileNameLength | 0..1 xsd:integer | " Specifies the length of an NTFS fileName, in unicode characters | direct |
| mftFlags | 0..1 xsd:integer | "Specifies basic permissions for the file (Read-Only, Hidden, Archive, Compre... | direct |
| mftParentID | 0..1 xsd:integer | "Specifies the record number within an NTFS Master file Table for parent dire... | direct |
| ntfsHardLinkCount | 0..1 xsd:integer | "Specifies the number of directory entries that reference an NTFS file record | direct |
| ntfsOwnerID | 0..1 xsd:string | "Specifies the identifier of the file owner, from the security index | direct |
| ntfsOwnerSID | 0..1 xsd:string | "Specifies the security ID (key in the $SII Index and $SDS DataStream in the ... | direct |

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/uco-observable

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | observable:MftRecordFacet |
| native | observable:MftRecordFacet |

LinkML Source

Direct

name: MftRecordFacet
description: '"An MFT record facet is a grouping of characteristics unique to the
  details of a single file as managed in an NTFS (new technology filesystem) master
  file table (which is a collection of information about all files on an NTFS filesystem).
  [based on https://docs.microsoft.com/en-us/windows/win32/devnotes/master-file-table]"'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
slots:
- mftFileNameAccessedTime
- mftFileNameCreatedTime
- mftFileNameModifiedTime
- mftFileNameRecordChangeTme
- mftRecordChangeTime
- mftFileID
- mftFileNameLength
- mftFlags
- mftParentID
- ntfsHardLinkCount
- ntfsOwnerID
- ntfsOwnerSID

Induced

name: MftRecordFacet
description: '"An MFT record facet is a grouping of characteristics unique to the
  details of a single file as managed in an NTFS (new technology filesystem) master
  file table (which is a collection of information about all files on an NTFS filesystem).
  [based on https://docs.microsoft.com/en-us/windows/win32/devnotes/master-file-table]"'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: Facet
attributes:
  mftFileNameAccessedTime:
    name: mftFileNameAccessedTime
    description: '"The access date and time recorded in an MFT entry $ file_Name attribute."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFileNameAccessedTime
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: datetime
  mftFileNameCreatedTime:
    name: mftFileNameCreatedTime
    description: '"The creationDate and time recorded in an MFT entry $ file_Name
      attribute."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFileNameCreatedTime
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: datetime
  mftFileNameModifiedTime:
    name: mftFileNameModifiedTime
    description: '"The modification date and time recorded in an MFT entry $ file_Name
      attribute."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFileNameModifiedTime
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: datetime
  mftFileNameRecordChangeTme:
    name: mftFileNameRecordChangeTme
    description: '"The metadata modification date and time recorded in an MFT entry
      $ file_Name attribute."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFileNameRecordChangeTme
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: datetime
  mftRecordChangeTime:
    name: mftRecordChangeTime
    description: '"The date and time at which an NTFS file metadata was last modified."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftRecordChangeTime
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: datetime
  mftFileID:
    name: mftFileID
    description: '"Specifies the record number for the file within an NTFS Master
      file Table."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFileID
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: integer
  mftFileNameLength:
    name: mftFileNameLength
    description: '" Specifies the length of an NTFS fileName, in unicode characters."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFileNameLength
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: integer
  mftFlags:
    name: mftFlags
    description: '"Specifies basic permissions for the file (Read-Only, Hidden, Archive,
      Compressed, etc.)."'
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftFlags
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: integer
  mftParentID:
    name: mftParentID
    description: '"Specifies the record number within an NTFS Master file Table for
      parent directory of the file."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: mftParentID
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: integer
  ntfsHardLinkCount:
    name: ntfsHardLinkCount
    description: '"Specifies the number of directory entries that reference an NTFS
      file record."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: ntfsHardLinkCount
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: integer
  ntfsOwnerID:
    name: ntfsOwnerID
    description: '"Specifies the identifier of the file owner, from the security index."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: ntfsOwnerID
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: string
  ntfsOwnerSID:
    name: ntfsOwnerSID
    description: '"Specifies the security ID (key in the $SII Index and $SDS DataStream
      in the file $Secure) for an NTFS file."'
    in_subset:
    - microsoft
    from_schema: https://w3id.org/lmodel/uco-observable
    rank: 1000
    alias: ntfsOwnerSID
    owner: MftRecordFacet
    domain_of:
    - MftRecordFacet
    range: string