NTFS

Directories are just a special type of files

Internally, NTFS treats folders as a special type of file.

NTFS features three link types:

It might be argued that .lnk and .url files are also a kind of links.

In cmd.exe, a links can be created with created with mklink.

The same file is referenced by more than one path.

Hard links are only possible within the same drive.

After modifying a hard linked file, its size information and attribute information is only updated for for the path that was used to modify the file.

A symbolic link (aka symlink) is essentially a pointer to a file or a directory

In PowerShell, a symbolic link can be created with the new-item … -itemType symbolicLink cmdLet.

Administrator rights are required to create a symbolic link unless Windows is put into developer mode.

NTFS has symlinks since Windows Vista.

Apparently, symbolic links are kernel objects and implemented with reparse points.

Junctions are similar to hard links, but operate on directories. Unlike hard links, Junctions can cross volume boundaries (but not to remote shares).

A file can have alternate data streams.

NTFS is a journalled file system.

Encryption can be enabled by users on a per-file, per-directory, or per-drive basis.

Some EFS settings can also be mandated via Group Policy in Windows domain environments

Directories that are enabled for encryption have an according encryption attribute set.

Files might be decrypted without the user realising this in situations like

EFS uses a symmetric key (aka the File Encryption Key (FEK)) to encrypt data.

The FEK itself is encrypted with the user's public key and stored in the encrypted file's alternative data stream $EFS.