tailieunhanh - Guide to Computer forensics and investigations - Chapter 5: Working with Windows and CLI systems

Chapter 5 "Working with Windows and CLI systems". In this chapter, you review how data is stored and managed in Microsoft OSs, including Windows and command-line interface (CLI) OSs. To become proficient in recovering data for digital investigations, you should understand file systems and their OSs, including legacy (MS-DOS, Windows 9x, and Windows Me, for example) and current OSs.
Chapter 5: Working with Windows and CLI Systems
Guide to Computer Forensics and Investigations, Fifth Edition

Objectives
- Explain the purpose and structure of file systems
- Describe Microsoft file structures
- Explain the structure of NTFS disks
- List some options for decrypting drives encrypted with whole disk encryption
- Explain how the Windows Registry works
- Describe Microsoft startup tasks
- Explain the purpose of a virtual machine

Understanding File Systems
- File system
  - Gives OS a road map to data on a disk
- Type of file system an OS uses determines how data is stored on the disk
- When you need to access a suspect’s computer to acquire or inspect data
  - You should be familiar with both the computer’s OS and file systems

Understanding the Boot Sequence
- Complementary Metal Oxide Semiconductor (CMOS)
  - Computer stores system configuration and date and time information in the CMOS
  - When power to the system is off
- Basic Input/Output System (BIOS) or Extensible Firmware Interface (EFI)
  - Contains programs that perform input and output at the hardware level
- Bootstrap process
  - Contained in ROM, tells the computer how to proceed
  - Displays the key or keys you press to open the CMOS setup screen
- CMOS should be modified to boot from a forensic floppy disk or CD

Understanding Disk Drives
- Disk drives are made up of one or more platters coated with magnetic material
- Disk drive components
  - Geometry
  - Head
  - Tracks
  - Cylinders
  - Sectors