
Attribute 0x10 $STANDARD_INFORMATION

Article detailing an overview of NT File System $MFT file segment entry (record) attribute 0x10 $STANDARD_INFORMATION.

The Standard Information attribute contains the file's ownership information together with the file's permissions and associated dates and times.

This attribute is known as a resident attribute, meaning that all the relevant file information resides only within the attribute itself.

An example of a Standard Information attribute is detailed below:

Screenshot of $MFT file segment entry attribute 0x10.

File dates and times are commonly referred to within the forensic community as MAC times. This attribute contains what are known as the primary MAC times, which are explained below:

| Name | Remarks |
| --- | --- |
| File Creation | This date and time refers to when the file commenced creation on the volume on which it resides. |
| File Modified | This date and time refers to when the file content was last modified on a volume (not necessarily the volume on which it resides). |
| Record Changed | This date and time refers to when the MFT record itself was last changed. This date and time field is not displayed to a user. |
| Last Accessed Time | This date and time refers to when the file was last accessed by a process (computer or user). This function has been disabled post Windows XP. |

Additional information…

As detailed, the attribute also contains any permissions applied to the file, which are stored as flags. An example of the permissions set on a file is detailed below:

Screenshot of $MFT file segment entry flag permissions.

It can be seen that the only permission set is ‘Archive’. The value of this permission is 0x20.

A list of permission flags is detailed below:

| Flag Value | Description |
| --- | --- |
| 0x0001 | Read only |
| 0x0002 | Hidden |
| 0x0004 | System |
| 0x0020 | Archive |
| 0x0040 | Device |
| 0x0080 | Normal |
| 0x0100 | Temporary |
| 0x0200 | Sparse file |
| 0x0400 | Reparse point |
| 0x0800 | Compressed |
| 0x1000 | Offline |
| 0x2000 | Content not indexed |
| 0x4000 | Encrypted |
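
The following Python sketch is an added example, not part of the original article: it decodes the four primary MAC times and the permission flags from the content of a $STANDARD_INFORMATION attribute. It assumes the commonly documented on-disk layout (four 64-bit little-endian FILETIME values in the order of the table above, followed by a 32-bit flags field), which the article does not state; the sample bytes are constructed for the demonstration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Flag values exactly as listed in the article's table.
FLAGS = {
    0x0001: "Read only", 0x0002: "Hidden", 0x0004: "System",
    0x0020: "Archive", 0x0040: "Device", 0x0080: "Normal",
    0x0100: "Temporary", 0x0200: "Sparse file", 0x0400: "Reparse point",
    0x0800: "Compressed", 0x1000: "Offline",
    0x2000: "Content not indexed", 0x4000: "Encrypted",
}
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def filetime_to_utc(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return EPOCH + timedelta(microseconds=ft // 10)

def decode_flags(value):
    """Return the names of the set flags, reporting bits not in the table."""
    names = [name for bit, name in FLAGS.items() if value & bit]
    unknown = value & ~sum(FLAGS)
    if unknown:
        names.append(f"Unknown bits 0x{unknown:04X}")
    return names

def parse_standard_information(content):
    """Parse attribute content (the bytes after the attribute header).
    Assumed layout: 4 x 8-byte timestamps, then a 4-byte flags field."""
    if len(content) < 36:
        raise ValueError("content too short for four timestamps and flags")
    created, modified, changed, accessed, flags = struct.unpack_from("<4QI", content, 0)
    return {
        "File Creation": filetime_to_utc(created),
        "File Modified": filetime_to_utc(modified),
        "Record Changed": filetime_to_utc(changed),
        "Last Accessed Time": filetime_to_utc(accessed),
        "Flags": decode_flags(flags),
    }

# Constructed sample: created 2020-01-01 00:00:00 UTC, modified and record
# changed 60 seconds later, only the Archive flag (0x20) set.
T0 = 132223104000000000
SAMPLE = struct.pack("<4QI", T0, T0 + 600_000_000, T0 + 600_000_000, T0, 0x20)

if __name__ == "__main__":
    for field, value in parse_standard_information(SAMPLE).items():
        print(f"{field}: {value}")
```
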

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life
