$Secure Streams and Descriptors
Posted by Paul Bobby on March 29, 2010
I was reading through some of the documentation at linux-ntfs.org trying to get a handle on Access Control Entries (ACEs). The easiest way for me to process this data was by walking through a test scenario. So I took a 2 GB thumb drive, formatted it as NTFS and created a non-resident text file called ‘test.txt’.
I parsed out the Standard Information Attribute:
Search for the Security ID in the $Secure:$SII stream
Go to the offset, 960, in the $Secure:$SDS stream
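The last step of the walk above, as an added example that is not from the original post or the Linux NTFS documentation: it reads the $SDS entry at offset 960 and lists the access mask and SID of each ACE in its DACL. The byte stream, the Security ID 0x103, the zero hash and the SIDs are constructed sample values; the assumed layout is a 20-byte $SDS entry header followed by a self-relative security descriptor.

```python
import struct

def parse_sid(b):
    # SID: revision, sub-authority count, 6-byte big-endian authority, LE sub-authorities
    rev, n = b[0], b[1]
    subs = struct.unpack_from("<%dI" % n, b, 8)
    return "S-%d-%d" % (rev, int.from_bytes(b[2:8], "big")) + "".join("-%d" % s for s in subs)

def parse_sds_entry(sds, offset):
    """Parse the $SDS entry at `offset`: 20-byte header, then a self-relative descriptor."""
    _hash, sec_id, self_off, size = struct.unpack_from("<IIQI", sds, offset)
    # The header repeats its own offset, which makes a wrong offset easy to detect.
    if self_off != offset or size < 40 or offset + size > len(sds):
        raise ValueError("no valid $SDS entry at offset %d" % offset)
    sd = sds[offset + 20 : offset + size]
    _rev, _pad, _control, owner, _group, _sacl, dacl = struct.unpack_from("<BBHIIII", sd, 0)
    aces = []
    if dacl:
        _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, dacl)
        pos = dacl + 8
        for _ in range(ace_count):
            # Basic allow/deny ACE layout only: type, flags, size, access mask, SID
            ace_type, ace_flags, ace_size, mask = struct.unpack_from("<BBHI", sd, pos)
            if ace_size < 16 or pos + ace_size > dacl + acl_size:
                raise ValueError("ACE overruns the ACL")
            aces.append((ace_type, ace_flags, mask, parse_sid(sd[pos + 8 : pos + ace_size])))
            pos += ace_size
    return {"security_id": sec_id, "owner": parse_sid(sd[owner:]) if owner else None, "aces": aces}

def build_sample():
    """Constructed $SDS stream (not data from the post) with one entry at offset 960."""
    admins = bytes([1, 2]) + (5).to_bytes(6, "big") + struct.pack("<II", 32, 544)
    everyone = bytes([1, 1]) + (1).to_bytes(6, "big") + struct.pack("<I", 0)
    ace1 = struct.pack("<BBHI", 0, 0, 8 + len(admins), 0x001F01FF) + admins      # full control
    ace2 = struct.pack("<BBHI", 0, 0, 8 + len(everyone), 0x001200A9) + everyone  # read + execute
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(ace1) + len(ace2), 2, 0) + ace1 + ace2
    # Control 0x8004 = self-relative + DACL present; DACL at 20, owner SID after the ACL
    sd = struct.pack("<BBHIIII", 1, 0, 0x8004, 20 + len(acl), 0, 0, 20) + acl + admins
    # Hash left as 0 and Security ID 0x103 are constructed values
    return bytes(960) + struct.pack("<IIQI", 0, 0x103, 960, 20 + len(sd)) + sd

if __name__ == "__main__":
    entry = parse_sds_entry(build_sample(), 960)
    print("Security ID:", entry["security_id"], "owner:", entry["owner"])
    for ace_type, ace_flags, mask, sid in entry["aces"]:
        print("ACE type %d flags 0x%02x mask 0x%08x %s" % (ace_type, ace_flags, mask, sid))
```
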
The following code from the Linux NTFS documentation site describes the details of the Access Control Entry mask.