1. Home
  2. Entities
  3. Classes
  4. observable:MftRecordFacet

observable:MftRecordFacet leaf node

URI

https://ontology.unifiedcyberontology.org/uco/observable/MftRecordFacet

Label

MftRecordFacet

Description

An MFT record facet is a grouping of characteristics unique to the details of a single file as managed in an NTFS (new technology filesystem) master file table (which is a collection of information about all files on an NTFS filesystem). [based on https://docs.microsoft.com/en-us/windows/win32/devnotes/master-file-table]

Superclasses (3)

  • core:Facet
  • core:UcoInherentCharacterizationThing
  • core:UcoThing

    • Shapes (1)

  • observable:MftRecordFacet

    • Usage

    Instances of observable:MftRecordFacet can have the following properties:

    PROPERTYTYPEDESCRIPTIONRANGE
    From class owl:Thing
    core:informalType owl:DatatypeProperty Informal Type serves as a parent property for string-valued properties meant to describe a type without implementing a class design. This property hierarchy supports a balancing point between semantic specificity and operational agility. The known benefits of describing types rather than implementing them include swift extensibility of some existing, or possibly non-existing, subclass hierarchy in UCO without requiring training in ontological development, taxonomic specification, or OWL, SHACL, or RDF maintenance logistics. The known detractions of using string-literals for type descriptions include that used vocabularies may require careful maintenance among data-sharing parties; that vocabularies require independent logistics (external to UCO) for providing definitions (i.e., dictionary-style semantics) to string-literals chosen; and that string-literals cannot by themselves encode hierarchical structure or entailments, such as the informal device type string 'ExamplePhone 8 P4321' entailing 'ExamplePhone 8', 'ExamplePhone', or 'ExamplePhone models discontinued in 2020'. Usage of Informal Type to house strings should be weighed against usage of classes when classes are available, and should periodically be reviewed for potential additions to UCO's class hierarchy or downstream extensions thereof. owl:Thing
    types:threadNextItem owl:ObjectProperty The link to a next item in a thread. owl:Thing
    types:threadPreviousItem owl:ObjectProperty A direct link to a previous item in a thread. owl:Thing

    Property Shapes

    By the associated SHACL property shapes, instances of observable:MftRecordFacet can have the following properties:

    PROPERTY

    PROPERTY TYPE

    DESCRIPTION

    MIN COUNT

    MAX COUNT

    LOCAL RANGE
    (type range for property on this class)

    GLOBAL RANGE
    (type range for property globally)
    observable:MftRecordFacet
    observable:mftFileID owl:DatatypeProperty Specifies the record number for the file within an NTFS Master File Table.
    		1 xsd:integer
    		xsd:integer
    observable:mftFileNameAccessedTime owl:DatatypeProperty The access date and time recorded in an MFT entry $File_Name attribute.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:mftFileNameCreatedTime owl:DatatypeProperty The creation date and time recorded in an MFT entry $File_Name attribute.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:mftFileNameLength owl:DatatypeProperty Specifies the length of an NTFS file name, in unicode characters.
    		1 xsd:integer
    		xsd:integer
    observable:mftFileNameModifiedTime owl:DatatypeProperty The modification date and time recorded in an MFT entry $File_Name attribute.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:mftFileNameRecordChangeTime owl:DatatypeProperty The metadata modification date and time recorded in an MFT entry $File_Name attribute.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:mftFlags owl:DatatypeProperty Specifies basic permissions for the file (Read-Only, Hidden, Archive, Compressed, etc.).
    		1 xsd:integer
    		xsd:integer
    observable:mftParentID owl:DatatypeProperty Specifies the record number within an NTFS Master File Table for parent directory of the file.
    		1 xsd:integer
    		xsd:integer
    observable:mftRecordChangeTime owl:DatatypeProperty The date and time at which an NTFS file metadata was last modified.
    		1 xsd:dateTime
    		xsd:dateTime
    observable:ntfsHardLinkCount owl:DatatypeProperty Specifies the number of directory entries that reference an NTFS file record.
    		1 xsd:integer
    		xsd:integer
    observable:ntfsOwnerID owl:DatatypeProperty Specifies the identifier of the file owner, from the security index.
    		1 xsd:string
    		xsd:string
    observable:ntfsOwnerSID owl:DatatypeProperty Specifies the security ID (key in the $SII Index and $SDS DataStream in the file $Secure) for an NTFS file.
    		1 xsd:string
    		xsd:string

    Implementation

    @prefix core: <https://ontology.unifiedcyberontology.org/uco/core/> .
@prefix observable: <https://ontology.unifiedcyberontology.org/uco/observable/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sh: <http://www.w3.org/ns/shacl#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

observable:MftRecordFacet a owl:Class,
        sh:NodeShape ;
    rdfs:label "MftRecordFacet"@en ;
    rdfs:comment "An MFT record facet is a grouping of characteristics unique to the details of a single file as managed in an NTFS (new technology filesystem) master file table (which is a collection of information about all files on an NTFS filesystem). [based on https://docs.microsoft.com/en-us/windows/win32/devnotes/master-file-table]"@en ;
    rdfs:subClassOf core:Facet ;
    sh:property [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFileNameAccessedTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFileNameCreatedTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFileNameModifiedTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFileNameRecordChangeTime ],
        [ sh:datatype xsd:dateTime ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftRecordChangeTime ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFileID ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFileNameLength ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftFlags ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:mftParentID ],
        [ sh:datatype xsd:integer ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:ntfsHardLinkCount ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:ntfsOwnerID ],
        [ sh:datatype xsd:string ;
            sh:maxCount 1 ;
            sh:nodeKind sh:Literal ;
            sh:path observable:ntfsOwnerSID ] ;
    sh:targetClass observable:MftRecordFacet .