Computer Forensics - Working with Windows and DOS Systems
Dr R Jegadeesan, Prof-CSE
Jyothishmathi Institute of Technology and Science, Karimnagar
Working with Windows and DOS Systems
Understanding file systems
• File system
– Gives the OS a road map to the data on a disk
• The type of file system an OS uses determines how data is stored on the disk
• A file system is usually directly related to an OS
• When you need to access a suspect’s computer to acquire or inspect data
– You should be familiar with the computer’s platform
Understanding the Boot Sequence
• Complementary Metal Oxide Semiconductor (CMOS)
– The computer stores system configuration and date and time information in the CMOS
– The CMOS retains this information while power to the system is off
• Basic Input/Output System (BIOS)
– Contains programs that perform input and output at the hardware level
Understanding the Boot Sequence
• Bootstrap process
– Contained in ROM, tells the computer how to proceed
– Displays the key or keys you press to open the CMOS setup screen
• The CMOS should be modified to boot from a forensic floppy disk or CD rather than from the suspect’s drive
Exploring Microsoft File Structures
• In Microsoft file structures, sectors are grouped to form clusters
– Storage allocation units of one or more sectors
• Clusters are typically 512, 1024, 2048, 4096, or more bytes each
• Combining sectors minimizes the overhead of writing or reading files to a disk
Exploring Microsoft File Structures
• Clusters are numbered sequentially starting at 2
– The first sector of every disk contains a system area, the boot record, and a file structure database
• The OS assigns these cluster numbers, called logical addresses
• Sector numbers are called physical addresses
• Clusters and their addresses are specific to a logical disk drive, which is a disk partition
Exploring Microsoft File Structures
Master Boot Record
• On Windows and DOS computer systems
– The boot disk contains a file called the Master Boot Record (MBR)
• The MBR stores information about the partitions on a disk: their locations, sizes, and other important items
• Several software products can modify the MBR, such as PartitionMagic’s Boot Magic
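The slide describes what the MBR holds; the block below shows how an examiner reads it. It is an added example written for this page, not code from the slide deck, and it works on a 512-byte MBR that is constructed in memory (the partition values are made up) so it runs offline. The layout it decodes is the standard one: four 16-byte partition entries at byte 446 and the 0x55 0xAA signature at bytes 510-511. The consistency check at the end flags entries that overlap or run past the end of the disk, which is how a hand-edited or mismatched partition table shows itself.

```python
"""Parse the partition table of a Master Boot Record (MBR).

Constructed example for this page, not code from the slide deck. The 512-byte
MBR is built in memory so the script runs offline; its layout is the standard one:
  bytes 0..445    boot code
  bytes 446..509  four 16-byte partition entries
  bytes 510..511  signature 0x55 0xAA
"""
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)  # 16
MBR_SIGNATURE = b"\x55\xAA"

# A few well-known partition type IDs, for display only.
PARTITION_TYPES = {
    0x05: "extended (CHS)",
    0x07: "NTFS/HPFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)",
    0x83: "Linux",
    0xEE: "GPT protective",
}


@dataclass
class PartitionEntry:
    index: int          # slot 0..3 in the table
    bootable: bool      # status byte 0x80 marks the active partition
    type_id: int
    lba_start: int      # physical address (sector number) of the first sector
    sector_count: int

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR_SIZE

    @property
    def size_bytes(self) -> int:
        return self.sector_count * SECTOR_SIZE

    @property
    def lba_end(self) -> int:
        """First sector after the partition (exclusive)."""
        return self.lba_start + self.sector_count

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"unknown (0x{self.type_id:02X})")


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA signature: not a valid MBR")
    entries = []
    for i in range(4):
        status, _chs_start, type_id, _chs_end, lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + i * ENTRY_SIZE)
        if type_id == 0 and count == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba, count))
    return entries


def check_partitions(entries: List[PartitionEntry], disk_sectors: int) -> List[str]:
    """Flag entries that overlap or run past the end of the disk."""
    problems = []
    for e in entries:
        if e.lba_end > disk_sectors:
            problems.append(f"partition {e.index} ends at sector {e.lba_end}, "
                            f"beyond the disk ({disk_sectors} sectors)")
    ordered = sorted(entries, key=lambda e: e.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            problems.append(f"partition {b.index} overlaps partition {a.index}")
    return problems


def _entry_bytes(bootable: bool, type_id: int, lba: int, count: int) -> bytes:
    status = 0x80 if bootable else 0x00
    return struct.pack(ENTRY_FORMAT, status, b"\0\0\0", type_id, b"\0\0\0", lba, count)


def constructed_mbr() -> bytes:
    """Constructed sample: an NTFS system partition followed by a FAT32 partition."""
    table = (_entry_bytes(True, 0x07, 2048, 204800)
             + _entry_bytes(False, 0x0C, 206848, 102400)
             + bytes(ENTRY_SIZE) * 2)
    return bytes(PARTITION_TABLE_OFFSET) + table + MBR_SIGNATURE


if __name__ == "__main__":
    parts = parse_mbr(constructed_mbr())
    for p in parts:
        print(f"#{p.index} {'*' if p.bootable else ' '} {p.type_name:<16} "
              f"start sector {p.lba_start:>8} ({p.byte_offset} B)  size {p.size_bytes} B")
    print(check_partitions(parts, disk_sectors=300000))
```

On a real image the first 512 bytes of the device file are passed to `parse_mbr`, and `disk_sectors` comes from the device size. The LBA start of each entry is the physical address at which that partition’s own boot sector (and, for NTFS, its Master File Table) is found, which is the link between this slide and the cluster addressing described earlier.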
Examining NTFS Disks
• New Technology File System (NTFS)
– Introduced with Windows NT
– Primary file system for Windows Vista
• Improvements over FAT file systems
– NTFS provides more information about a file
– NTFS gives more control over files and folders
• NTFS was Microsoft’s move toward a journaling file system
Examining NTFS Disks
• In NTFS, everything written to the disk is considered a file
• On an NTFS disk
– The first data set is the Partition Boot Sector
– Next is the Master File Table (MFT)
• NTFS results in much less file slack space
• Clusters are smaller for smaller disk drives
• NTFS also uses Unicode
– An international data format
Examining NTFS Disks
NTFS File System
• The MFT contains information about all files on the disk
– Including the system files the OS uses
• In the MFT, the first 15 records are reserved for system files
• Records in the MFT are called metadata
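The block below ties together the two preceding topics: the cluster addressing from the Microsoft file structures slides (logical cluster numbers versus physical sector numbers, file slack) and the NTFS layout from these slides (Partition Boot Sector first, then the MFT). It is an added example written for this page, not code from the slide deck. It parses a constructed NTFS boot sector, converts the $MFT cluster number into a sector number and a byte offset, computes the slack a file would leave at the chosen cluster size, and decodes the header of a constructed MFT record (signature "FILE", in-use and directory flags, sizes). The field offsets follow the documented NTFS layout; the record-number field at offset 0x2C is present on NTFS 3.1 volumes (Windows XP and later).

```python
"""Parse an NTFS Partition Boot Sector, locate the MFT and read an MFT record header.

Constructed example for this page, not code from the slide deck. Both structures
are built in memory so the script runs offline.
"""
import struct
from dataclasses import dataclass

BOOT_SIGNATURE = b"\x55\xAA"
MFT_FLAG_IN_USE = 0x0001
MFT_FLAG_DIRECTORY = 0x0002


@dataclass
class NtfsBootSector:
    bytes_per_sector: int
    sectors_per_cluster: int
    total_sectors: int
    mft_cluster: int         # logical address (cluster number) of $MFT
    mft_mirror_cluster: int  # logical address of $MFTMirr
    mft_record_size: int     # bytes per MFT record, normally 1024

    @property
    def cluster_size(self) -> int:
        return self.bytes_per_sector * self.sectors_per_cluster

    def cluster_to_sector(self, cluster: int) -> int:
        """Logical address (cluster) -> physical address (sector within the partition)."""
        return cluster * self.sectors_per_cluster

    def cluster_to_offset(self, cluster: int) -> int:
        return cluster * self.cluster_size

    def mft_record_offset(self, record_number: int) -> int:
        """Byte offset, from the start of the partition, of one MFT record."""
        return self.cluster_to_offset(self.mft_cluster) + record_number * self.mft_record_size

    def file_slack(self, file_size: int) -> int:
        """Unused bytes between the end of a file's data and the end of its last cluster."""
        if file_size == 0:
            return 0
        clusters = -(-file_size // self.cluster_size)  # ceiling division
        return clusters * self.cluster_size - file_size


def parse_ntfs_boot_sector(sector: bytes) -> NtfsBootSector:
    if len(sector) < 512 or sector[3:11] != b"NTFS    ":
        raise ValueError("OEM ID is not 'NTFS': not an NTFS boot sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    total_sectors, mft_cluster, mft_mirror = struct.unpack_from("<QQQ", sector, 0x28)
    (raw_record_size,) = struct.unpack_from("<b", sector, 0x40)
    cluster_size = bytes_per_sector * sectors_per_cluster
    # Byte 0x40 is signed: n > 0 means n clusters per record, n < 0 means 2**(-n) bytes.
    record_size = (1 << -raw_record_size) if raw_record_size < 0 else raw_record_size * cluster_size
    if mft_cluster * sectors_per_cluster >= total_sectors:
        raise ValueError("$MFT cluster lies beyond the end of the volume")
    return NtfsBootSector(bytes_per_sector, sectors_per_cluster, total_sectors,
                          mft_cluster, mft_mirror, record_size)


@dataclass
class MftRecordHeader:
    record_number: int
    sequence_number: int   # incremented each time the record is reused
    hard_links: int
    in_use: bool           # False: deleted file whose record may still hold data
    is_directory: bool
    used_size: int
    allocated_size: int


def parse_mft_record_header(record: bytes) -> MftRecordHeader:
    if record[0:4] != b"FILE":  # "BAAD" marks a record whose multi-sector write failed
        raise ValueError("not a FILE record")
    seq, links, _first_attr, flags, used, allocated = struct.unpack_from("<HHHHII", record, 0x10)
    (number,) = struct.unpack_from("<I", record, 0x2C)
    return MftRecordHeader(number, seq, links, bool(flags & MFT_FLAG_IN_USE),
                           bool(flags & MFT_FLAG_DIRECTORY), used, allocated)


def constructed_boot_sector() -> bytes:
    """Constructed sample: 512-byte sectors, 4 KiB clusters, 8 GiB volume."""
    sec = bytearray(512)
    sec[0:3] = b"\xEB\x52\x90"                  # jump instruction
    sec[3:11] = b"NTFS    "
    struct.pack_into("<HB", sec, 0x0B, 512, 8)  # bytes/sector, sectors/cluster
    sec[0x15] = 0xF8                            # media descriptor: fixed disk
    struct.pack_into("<QQQ", sec, 0x28, 16777215, 786432, 2)  # total sectors, $MFT, $MFTMirr
    struct.pack_into("<b", sec, 0x40, -10)      # record size 2**10 = 1024 bytes
    sec[510:512] = BOOT_SIGNATURE
    return bytes(sec)


def constructed_mft_record(number: int, flags: int, used: int) -> bytes:
    """Constructed sample: a 1024-byte MFT record with only the header filled in."""
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 0x04, 0x30, 3)  # update sequence offset and size
    struct.pack_into("<HHHHII", rec, 0x10, 1, 1, 0x38, flags, used, 1024)
    struct.pack_into("<I", rec, 0x2C, number)
    return bytes(rec)
```

Reading a real volume means seeking to the partition’s LBA start (from the MBR), passing its first sector to `parse_ntfs_boot_sector`, then seeking to `mft_record_offset(n)` and reading `mft_record_size` bytes for record `n`. A record whose `in_use` flag is clear still carries its old header and attributes until the slot is reused, which is why deleted-file recovery on NTFS starts from the MFT rather than from the data area.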
Understanding Whole Disk Encryption
• In recent years, there has been more concern about loss of
– Personal identity information (PII) and trade secrets caused by computer theft
• Of particular concern is the theft of laptop computers and other handheld devices
• To help prevent loss of information, software vendors now provide whole disk encryption
Understanding Whole Disk Encryption
• Current whole disk encryption tools offer the following features:
– Preboot authentication
– Full or partial disk encryption with secure hibernation
– Advanced encryption algorithms
– Key management function
– A Trusted Platform Module (TPM) microchip to generate encryption keys and authenticate logins
Understanding Whole Disk Encryption
• Whole disk encryption tools encrypt each sector of a drive separately
• Many of these tools encrypt the drive’s boot sector
– To prevent any efforts to bypass the secured drive’s partition
• To examine an encrypted drive, decrypt it first
– Run a vendor-specific program to decrypt the drive
Windows Registry
• Registry
– A database that stores hardware and software configuration information, network connections, user preferences, and setup information
• For investigative purposes, the Registry can contain valuable evidence
• To view the Registry, you can use:
– The Regedit (Registry Editor) program for Windows 9x systems
– Regedt32 for Windows 2000 and XP
Windows Registry
• Registry terminology:
– Registry
– Registry Editor
– HKEY
– Key
– Subkey
– Branch
– Value
– Default value
– Hives
UNIT 5: Working with Windows and DOS Systems
Windows Registry
Fig. Registry file locations and purposes (figure not reproduced in this text)
Understanding Microsoft Startup Tasks
• Learn what files are accessed when Windows starts
• This information helps you determine when a suspect’s computer was last accessed
– Important with computers that might have been used after an incident was reported
Understanding Microsoft Startup Tasks
• All NTFS computers perform the following steps when the computer is turned on:
– Power-on self test (POST)
– Initial startup
– Boot loader
– Hardware detection and configuration
– Kernel loading
– User logon
Understanding Microsoft Startup Tasks
• Startup files for Windows XP:
– NT Loader (NTLDR)
– Boot.ini
– BootSect.dos
– NTDetect.com
– NTBootdd.sys
– Ntoskrnl.exe
– Hal.dll
– Pagefile.sys
– Device drivers
Understanding Microsoft Startup Tasks
• Contamination concerns with Windows XP
– When you start a Windows XP NTFS workstation, several files are accessed immediately
• The last access date and time stamps of those files change to the current date and time
– This destroys potential evidence that shows when the Windows XP workstation was last used
Understanding Virtual Machines
• Virtual machine
– Allows you to create a representation of another computer on an existing physical computer
• A virtual machine is just a few files on your hard drive
– You must allocate space to it
• A virtual machine recognizes components of the physical machine it’s loaded on
– The virtual OS is limited by the physical machine’s OS
Understanding Virtual Machines
• In computer forensics
– Virtual machines make it possible to restore a suspect drive on your virtual machine
• And run nonstandard software the suspect might have loaded
• From a network forensics standpoint, you need to be aware of some potential issues, such as:
– A virtual machine used to attack another system or network
Understanding Virtual Machines
• Two popular applications for creating virtual machines
– VMware and Microsoft Virtual PC
• Using Virtual PC
– You must download and install Virtual PC first
Thank you

Contenu connexe

Tendances

Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigationOnline
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Ntfs and computer forensics
Ntfs and computer forensicsNtfs and computer forensics
Ntfs and computer forensicsGaurav Ragtah
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Anti forensic
Anti forensicAnti forensic
Anti forensicMilap Oza
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
File system Os
File system OsFile system Os
File system OsNehal Naik
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_systemMaceni Muse
 
Introduction to distributed file systems
Introduction to distributed file systemsIntroduction to distributed file systems
Introduction to distributed file systemsViet-Trung TRAN
 

Tendances (20)

Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigation
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Ntfs and computer forensics
Ntfs and computer forensicsNtfs and computer forensics
Ntfs and computer forensics
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
Data recovery tools
Data recovery toolsData recovery tools
Data recovery tools
 
Current Forensic Tools
Current Forensic Tools Current Forensic Tools
Current Forensic Tools
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.ppt
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Anti forensic
Anti forensicAnti forensic
Anti forensic
 
Memory forensics
Memory forensicsMemory forensics
Memory forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer Crime
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
File system Os
File system OsFile system Os
File system Os
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Live data collection_from_windows_system
Live data collection_from_windows_systemLive data collection_from_windows_system
Live data collection_from_windows_system
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Introduction to distributed file systems
Introduction to distributed file systemsIntroduction to distributed file systems
Introduction to distributed file systems
 

Similaire à Computer Forensics Working with Windows and DOS Systems

Windows Forensics- Introduction and Analysis
Windows Forensics- Introduction and AnalysisWindows Forensics- Introduction and Analysis
Windows Forensics- Introduction and AnalysisDon Caeiro
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemAlchemist095
 
Selecting and Installing Operating System
Selecting and Installing Operating SystemSelecting and Installing Operating System
Selecting and Installing Operating SystemAmir Villas
 
Dheeraj chugh -_presentation_on_ms-dos
Dheeraj chugh -_presentation_on_ms-dosDheeraj chugh -_presentation_on_ms-dos
Dheeraj chugh -_presentation_on_ms-dosREXY J
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its roleSudeshna Basak
 
Ch 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.pptCh 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.pptwhbwi21Basri
 
Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...
Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...
Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...Eric Vanderburg
 
chapter05 - Operating System.pdf
chapter05 - Operating System.pdfchapter05 - Operating System.pdf
chapter05 - Operating System.pdfsatonaka3
 
01. Introduction.ppt
01. Introduction.ppt01. Introduction.ppt
01. Introduction.pptwarlord56
 
Module 13 - Troubleshooting
Module 13 - TroubleshootingModule 13 - Troubleshooting
Module 13 - TroubleshootingT. J. Saotome
 
Case study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File systemCase study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File systemKumar Amit Mehta
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 

Similaire à Computer Forensics Working with Windows and DOS Systems (20)

Windows Forensics- Introduction and Analysis
Windows Forensics- Introduction and AnalysisWindows Forensics- Introduction and Analysis
Windows Forensics- Introduction and Analysis
 
Lecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file systemLecture 8 comp forensics 03 10-18 file system
Lecture 8 comp forensics 03 10-18 file system
 
Selecting and Installing Operating System
Selecting and Installing Operating SystemSelecting and Installing Operating System
Selecting and Installing Operating System
 
Cos413day3
Cos413day3Cos413day3
Cos413day3
 
Managing Files
Managing FilesManaging Files
Managing Files
 
Dheeraj chugh -_presentation_on_ms-dos
Dheeraj chugh -_presentation_on_ms-dosDheeraj chugh -_presentation_on_ms-dos
Dheeraj chugh -_presentation_on_ms-dos
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its role
 
windows.pptx
windows.pptxwindows.pptx
windows.pptx
 
Ch 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.pptCh 04 Data Acquisition for Digital Forensics.ppt
Ch 04 Data Acquisition for Digital Forensics.ppt
 
Lecture 1
Lecture 1Lecture 1
Lecture 1
 
Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...
Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...
Computer Architecture - Software - Lesson 13 - Printers, Mac OS and Linux - E...
 
chapter05 - Operating System.pdf
chapter05 - Operating System.pdfchapter05 - Operating System.pdf
chapter05 - Operating System.pdf
 
01. Introduction.ppt
01. Introduction.ppt01. Introduction.ppt
01. Introduction.ppt
 
File000128
File000128File000128
File000128
 
Ms dos
Ms dosMs dos
Ms dos
 
Windows File Systems
Windows File SystemsWindows File Systems
Windows File Systems
 
Module 13 - Troubleshooting
Module 13 - TroubleshootingModule 13 - Troubleshooting
Module 13 - Troubleshooting
 
Case study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File systemCase study of BtrFS: A fault tolerant File system
Case study of BtrFS: A fault tolerant File system
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
Embedded system - embedded system programming
Embedded system - embedded system programmingEmbedded system - embedded system programming
Embedded system - embedded system programming
 

Plus de Jyothishmathi Institute of Technology and Science Karimnagar

Plus de Jyothishmathi Institute of Technology and Science Karimnagar (20)

JAVA PROGRAMMING- GUI Programming with Swing - The Swing Buttons
JAVA PROGRAMMING- GUI Programming with Swing - The Swing ButtonsJAVA PROGRAMMING- GUI Programming with Swing - The Swing Buttons
JAVA PROGRAMMING- GUI Programming with Swing - The Swing Buttons
 
JAVA PROGRAMMING - The Collections Framework
JAVA PROGRAMMING - The Collections Framework JAVA PROGRAMMING - The Collections Framework
JAVA PROGRAMMING - The Collections Framework
 
JAVA PROGRAMMING- Exception handling - Multithreading
JAVA PROGRAMMING- Exception handling - MultithreadingJAVA PROGRAMMING- Exception handling - Multithreading
JAVA PROGRAMMING- Exception handling - Multithreading
 
JAVA PROGRAMMING – Packages - Stream based I/O
JAVA PROGRAMMING – Packages - Stream based I/O JAVA PROGRAMMING – Packages - Stream based I/O
JAVA PROGRAMMING – Packages - Stream based I/O
 
Java programming -Object-Oriented Thinking- Inheritance
Java programming -Object-Oriented Thinking- InheritanceJava programming -Object-Oriented Thinking- Inheritance
Java programming -Object-Oriented Thinking- Inheritance
 
WEB TECHNOLOGIES JavaScript
WEB TECHNOLOGIES JavaScriptWEB TECHNOLOGIES JavaScript
WEB TECHNOLOGIES JavaScript
 
WEB TECHNOLOGIES JSP
WEB TECHNOLOGIES  JSPWEB TECHNOLOGIES  JSP
WEB TECHNOLOGIES JSP
 
WEB TECHNOLOGIES Servlet
WEB TECHNOLOGIES ServletWEB TECHNOLOGIES Servlet
WEB TECHNOLOGIES Servlet
 
WEB TECHNOLOGIES XML
WEB TECHNOLOGIES XMLWEB TECHNOLOGIES XML
WEB TECHNOLOGIES XML
 
WEB TECHNOLOGIES- PHP Programming
WEB TECHNOLOGIES-  PHP ProgrammingWEB TECHNOLOGIES-  PHP Programming
WEB TECHNOLOGIES- PHP Programming
 
Compiler Design- Machine Independent Optimizations
Compiler Design- Machine Independent OptimizationsCompiler Design- Machine Independent Optimizations
Compiler Design- Machine Independent Optimizations
 
COMPILER DESIGN Run-Time Environments
COMPILER DESIGN Run-Time EnvironmentsCOMPILER DESIGN Run-Time Environments
COMPILER DESIGN Run-Time Environments
 
COMPILER DESIGN- Syntax Directed Translation
COMPILER DESIGN- Syntax Directed TranslationCOMPILER DESIGN- Syntax Directed Translation
COMPILER DESIGN- Syntax Directed Translation
 
COMPILER DESIGN- Syntax Analysis
COMPILER DESIGN- Syntax AnalysisCOMPILER DESIGN- Syntax Analysis
COMPILER DESIGN- Syntax Analysis
 
COMPILER DESIGN- Introduction & Lexical Analysis:
COMPILER DESIGN- Introduction & Lexical Analysis: COMPILER DESIGN- Introduction & Lexical Analysis:
COMPILER DESIGN- Introduction & Lexical Analysis:
 
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail SecurityCRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
CRYPTOGRAPHY AND NETWORK SECURITY- E-Mail Security
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
CRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash Functions
CRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash FunctionsCRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash Functions
CRYPTOGRAPHY & NETWORK SECURITY- Cryptographic Hash Functions
 
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 

Dernier

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 

Dernier (20)

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Computer Forensics Working with Windows and DOS Systems

  • 1. Computer Forensics: Working with Windows and DOS Systems
    Dr R Jegadeesan, Prof-CSE, Jyothishmathi Institute of Technology and Science, Karimnagar
  • 2. Working with Windows and DOS Systems: Understanding file systems
    • File system
      – Gives the OS a road map to data on a disk
    • The type of file system an OS uses determines how data is stored on the disk
    • A file system is usually directly related to an OS
    • When you need to access a suspect’s computer to acquire or inspect data
      – You should be familiar with the computer’s platform
  • 3. Working with Windows and DOS Systems: Understanding the Boot Sequence
    • Complementary Metal Oxide Semiconductor (CMOS)
      – The computer stores system configuration and date and time information in the CMOS
      – Retained when power to the system is off
    • Basic Input/Output System (BIOS)
      – Contains programs that perform input and output at the hardware level
  • 4. Working with Windows and DOS Systems: Understanding the Boot Sequence
    • Bootstrap process
      – Contained in ROM; tells the computer how to proceed
      – Displays the key or keys you press to open the CMOS setup screen
    • CMOS should be modified to boot from a forensic floppy disk or CD
  • 5. Working with Windows and DOS Systems: Exploring Microsoft File Structures
    • In Microsoft file structures, sectors are grouped to form clusters
      – Storage allocation units of one or more sectors
    • Clusters are typically 512, 1024, 2048, 4096, or more bytes each
    • Combining sectors minimizes the overhead of writing or reading files to a disk
  • 6. Working with Windows and DOS Systems: Exploring Microsoft File Structures
    • Clusters are numbered sequentially starting at 2
      – The first sector of all disks contains a system area, the boot record, and a file structure database
    • The OS assigns these cluster numbers, called logical addresses
    • Sector numbers are called physical addresses
    • Clusters and their addresses are specific to a logical disk drive, which is a disk partition
  • 7. Working with Windows and DOS Systems: Exploring Microsoft File Structures – Master Boot Record
    • On Windows and DOS computer systems
      – The boot disk contains a file called the Master Boot Record (MBR)
    • The MBR stores information about partitions on a disk and their locations, size, and other important items
    • Several software products can modify the MBR, such as PartitionMagic’s Boot Magic
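The partition table that slide 7 says the MBR carries can be read directly from the first sector. The following is an added example, not part of the original slides: it parses the four 16-byte entries at offset 446 of a constructed 512-byte sample MBR and flags entries that overlap or run past the end of the media, which an examiner treats as a sign of damage or tampering rather than trusting the table as-is.

```python
import struct

# MBR layout: 446 bytes of boot code, four 16-byte partition entries, 0x55AA signature.
PARTITION_TABLE_OFFSET = 446
ENTRY_SIZE = 16
SECTOR_SIZE = 512


def parse_mbr(sector0: bytes) -> list:
    """Return the non-empty partition entries from a raw first sector."""
    if len(sector0) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector0[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector0, off)
        if ptype == 0:  # type 0x00 marks an unused slot
            continue
        entries.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE, "size_bytes": sectors * SECTOR_SIZE,
        })
    return entries


def check_layout(entries: list, disk_sectors: int) -> list:
    """Flag entries that extend past the media or overlap each other."""
    issues = []
    for e in entries:
        if e["lba_start"] + e["sectors"] > disk_sectors:
            issues.append(f"partition {e['index']} extends past end of disk")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append(f"partitions {a['index']} and {b['index']} overlap")
    return issues


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


# Constructed sample MBR: a bootable NTFS (0x07) partition at LBA 2048 followed by a
# FAT32-LBA (0x0C) partition; the two remaining slots are unused.
SAMPLE_MBR = (bytes(446) + _entry(0x80, 0x07, 2048, 204800)
              + _entry(0x00, 0x0C, 206848, 409600) + bytes(32) + b"\x55\xAA")
```

Running `check_layout(parse_mbr(SAMPLE_MBR), 600000)` reports that the second partition extends past a 600000-sector disk, while the same table on a 1000000-sector disk is clean.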
  • 8. Working with Windows and DOS Systems: Examining NTFS Disks
    • New Technology File System (NTFS)
      – Introduced with Windows NT
      – Primary file system for Windows Vista
    • Improvements over FAT file systems
      – NTFS provides more information about a file
      – NTFS gives more control over files and folders
    • NTFS was Microsoft’s move toward a journaling file system
  • 9. Working with Windows and DOS Systems: Examining NTFS Disks
    • In NTFS, everything written to the disk is considered a file
    • On an NTFS disk
      – The first data set is the Partition Boot Sector
      – Next is the Master File Table (MFT)
    • NTFS results in much less file slack space
    • Clusters are smaller for smaller disk drives
    • NTFS also uses Unicode
      – An international data format
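Slides 6 and 9 describe logical cluster numbers starting at 2, physical sector addresses, and file slack; the example below, added here and not part of the original slides, works those ideas through in code. It assumes a FAT-style layout in which the data area begins after the reserved sectors, the FAT copies and the root directory (values taken from the boot sector's BIOS Parameter Block; the constructed geometry is a small FAT16 volume), and it shows how slack shrinks as cluster size shrinks.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class FatGeometry:
    """Constructed BPB values for a small FAT16 volume (FAT32 would use root_entries=0)."""
    bytes_per_sector: int = 512
    sectors_per_cluster: int = 8      # 4096-byte clusters
    reserved_sectors: int = 4
    num_fats: int = 2
    sectors_per_fat: int = 64
    root_entries: int = 512           # 512 entries * 32 bytes = 32 sectors

    @property
    def cluster_bytes(self) -> int:
        return self.bytes_per_sector * self.sectors_per_cluster

    @property
    def first_data_sector(self) -> int:
        root_dir_sectors = math.ceil(self.root_entries * 32 / self.bytes_per_sector)
        return self.reserved_sectors + self.num_fats * self.sectors_per_fat + root_dir_sectors


def cluster_to_sector(geo: FatGeometry, cluster: int) -> int:
    """Logical address (cluster) -> physical address (sector within the partition).
    Cluster 2 is the first data cluster, which is why numbering starts at 2."""
    if cluster < 2:
        raise ValueError("clusters 0 and 1 are reserved; data clusters start at 2")
    return geo.first_data_sector + (cluster - 2) * geo.sectors_per_cluster


def clusters_needed(file_size: int, cluster_bytes: int) -> int:
    """Whole clusters allocated to a file; a zero-byte file gets none."""
    return math.ceil(file_size / cluster_bytes)


def slack_bytes(file_size: int, cluster_bytes: int) -> int:
    """Bytes between end of file data and end of its last cluster. This region is
    never overwritten by the file itself and may retain earlier contents."""
    return clusters_needed(file_size, cluster_bytes) * cluster_bytes - file_size


def contiguous_file_extent(geo: FatGeometry, start_cluster: int, file_size: int):
    """Inclusive sector range holding a contiguously allocated file plus its slack,
    i.e. the region an examiner images to recover both. None for an empty file."""
    n = clusters_needed(file_size, geo.cluster_bytes)
    if n == 0:
        return None
    first = cluster_to_sector(geo, start_cluster)
    return first, first + n * geo.sectors_per_cluster - 1
```

With the constructed geometry, a 10000-byte file occupies three 4096-byte clusters and leaves 2288 bytes of slack, but only 240 bytes with 512-byte clusters.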
  • 10. Working with Windows and DOS Systems: Examining NTFS Disks – NTFS File System
    • The MFT contains information about all files on the disk
      – Including the system files the OS uses
    • In the MFT, the first 15 records are reserved for system files
    • Records in the MFT are called metadata
  • 11. Working with Windows and DOS Systems: Understanding Whole Disk Encryption
    • In recent years, there has been more concern about loss of
      – Personal identity information (PII) and trade secrets caused by computer theft
    • Of particular concern is the theft of laptop computers and other handheld devices
    • To help prevent loss of information, software vendors now provide whole disk encryption
  • 12. Working with Windows and DOS Systems: Understanding Whole Disk Encryption
    • Current whole disk encryption tools offer the following features:
      – Preboot authentication
      – Full or partial disk encryption with secure hibernation
      – Advanced encryption algorithms
      – Key management function
      – A Trusted Platform Module (TPM) microchip to generate encryption keys and authenticate logins
  • 13. Working with Windows and DOS Systems: Understanding Whole Disk Encryption
    • Whole disk encryption tools encrypt each sector of a drive separately
    • Many of these tools encrypt the drive’s boot sector
      – To prevent any efforts to bypass the secured drive’s partition
    • To examine an encrypted drive, decrypt it first
      – Run a vendor-specific program to decrypt the drive
  • 14. Working with Windows and DOS Systems: Windows Registry
    • Registry
      – A database that stores hardware and software configuration information, network connections, user preferences, and setup information
    • For investigative purposes, the Registry can contain valuable evidence
    • To view the Registry, you can use:
      – Regedit (Registry Editor) program for Windows 9x systems
      – Regedt32 for Windows 2000 and XP
  • 15. Working with Windows and DOS Systems: Windows Registry
    • Registry terminology:
      – Registry
      – Registry Editor
      – HKEY
      – Key
      – Subkey
      – Branch
      – Value
      – Default value
      – Hives
  • 16. UNIT 5: Working with Windows and DOS Systems: Windows Registry
    Figure: Registry file locations and purposes
  • 17. Working with Windows and DOS Systems: Understanding Microsoft Startup Tasks
    • Learn what files are accessed when Windows starts
    • This information helps you determine when a suspect’s computer was last accessed
      – Important with computers that might have been used after an incident was reported
  • 18. Working with Windows and DOS Systems: Understanding Microsoft Startup Tasks
    • All NTFS computers perform the following steps when the computer is turned on:
      – Power-on self test (POST)
      – Initial startup
      – Boot loader
      – Hardware detection and configuration
      – Kernel loading
      – User logon
  • 19. Working with Windows and DOS Systems: Understanding Microsoft Startup Tasks
    • Startup files for Windows XP:
      – NT Loader (NTLDR)
      – Boot.ini
      – BootSect.dos
      – NTDetect.com
      – NTBootdd.sys
      – Ntoskrnl.exe
      – Hal.dll
      – Pagefile.sys
      – Device drivers
  • 20. Working with Windows and DOS Systems: Understanding Microsoft Startup Tasks
    • Contamination concerns with Windows XP
      – When you start a Windows XP NTFS workstation, several files are accessed immediately
    • The last access date and time stamp for those files changes to the current date and time
      – This destroys any potential evidence that shows when the Windows XP workstation was last used
  • 21. Working with Windows and DOS Systems: Understanding Virtual Machines
    • Virtual machine
      – Allows you to create a representation of another computer on an existing physical computer
    • A virtual machine is just a few files on your hard drive
      – Must allocate space to it
    • A virtual machine recognizes components of the physical machine it’s loaded on
      – The virtual OS is limited by the physical machine’s OS
  • 22. Working with Windows and DOS Systems: Understanding Virtual Machines
    • In computer forensics
      – Virtual machines make it possible to restore a suspect drive on your virtual machine
      – And run nonstandard software the suspect might have loaded
    • From a network forensics standpoint, you need to be aware of some potential issues, such as:
      – A virtual machine used to attack another system or network
  • 23. Working with Windows and DOS Systems: Understanding Virtual Machines
    • Two popular applications for creating virtual machines
      – VMware and Microsoft Virtual PC
    • Using Virtual PC
      – You must download and install Virtual PC first
  • 24. Working with Windows and DOS Systems: Thank you