DeepFreeze is a tool made by Faronics Corporation that essentially freezes the disk in place so that you can do whatever you like to the PC, but after a restart all the changes are discarded and the disk is restored to its frozen state. It's a really nice tool for someone who runs a lab, but how does it work?

Playing with it – I believe it's a kernel-level driver that intercepts filesystem calls to update the MFT (master file table – it's a section of the disk that tells the OS where files are located physically and how big they are – stuff like that). Anyhow, instead of updating the disk itself – it caches those changes in a separate file or in physical memory (not sure yet), and of course when you reboot those changes are discarded because the memory is reset. I'm still playing around with it – so it's still a theory.
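
A small model of the write-redirection idea theorised above, added here as an illustration; it is not DeepFreeze's code and makes no claim about how the product is actually implemented. The `FrozenDisk` class, the 512-byte sector size and the in-memory overlay are all assumptions of the example.

```python
SECTOR = 512  # assumed sector size for this model

class FrozenDisk:
    """Toy write-redirecting layer over a read-only base image."""
    def __init__(self, base: bytes):
        if len(base) % SECTOR:
            raise ValueError("base image must be a whole number of sectors")
        self._base = base      # frozen state: never modified after construction
        self._overlay = {}     # sector number -> redirected contents (volatile)

    def _sector(self, n):
        # A redirected copy wins; otherwise fall through to the frozen image.
        return self._overlay.get(n) or self._base[n * SECTOR:(n + 1) * SECTOR]

    def _spans(self, offset, length):
        # Validate, then yield (sector, offset in sector, count) per sector touched.
        if offset < 0 or length < 0 or offset + length > len(self._base):
            raise ValueError("access outside the disk")
        pos, end = offset, offset + length
        while pos < end:
            n, off = divmod(pos, SECTOR)
            take = min(SECTOR - off, end - pos)
            yield n, off, take
            pos += take

    def read(self, offset, length):
        return b"".join(self._sector(n)[off:off + take]
                        for n, off, take in self._spans(offset, length))

    def write(self, offset, data):
        done = 0
        for n, off, take in self._spans(offset, len(data)):
            sec = bytearray(self._sector(n))   # start from the current view
            sec[off:off + take] = data[done:done + take]
            self._overlay[n] = bytes(sec)      # the base image is not touched
            done += take

    def dirty_sectors(self):
        return sorted(self._overlay)

    def reboot(self):
        self._overlay.clear()   # volatile cache lost: frozen state is back

if __name__ == "__main__":
    disk = FrozenDisk(b"A" * (4 * SECTOR))   # constructed sample image
    disk.write(510, b"XXXX")                 # straddles sectors 0 and 1
    print(disk.read(508, 8), disk.dirty_sectors())
    disk.reboot()
    print(disk.read(508, 8), disk.dirty_sectors())
```

The write that straddles a sector boundary shows why the redirect has to work on whole sectors: both touched sectors are copied into the overlay, and reads of untouched bytes in those sectors are then served from the overlay as well.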


One Comment

  1. That’s more than I knew about it – cool?

    My theory: it’s magic o.O

