
Computer Forensics
Principles and Practices
by Volonino, Anzaldua, and Godwin
Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations
Objectives

- Define and recognize an operating system
- Identify the different types of operating system interfaces
- Identify the different components of an operating system
- Understand and identify the different file systems

© Pearson Education Computer Forensics: Principles and Practices
Introduction

Hardware and software work together to run the computer. It is important to understand what operating system you are dealing with, in order to understand how and where data is stored on the storage device(s). This chapter provides this foundation.
What Is an Operating System?

- Simply stated, an operating system is a program that controls how a computer functions
- The OS controls how data is accessed, saved, and organized on a storage device
- The core of the operating system is called the kernel
Operating System Functions

An operating system provides:

- Some type of user interface
- Single-user or multiple-user access to applications
- File management
- Memory management
- Job management
- Device management
- Security
Types of Interfaces

- A user interface is the way a user communicates with the computer
- The user interface may also be known as a shell
- Two major interface types:
  - Graphical user interface (GUI)
  - Command-line interface (CLI)
Categories of Use

- Single-user systems
  - Designed to be used by only one user at a time
  - DOS is a single-user, single-tasking system
  - Consumer Windows (95/98/ME) is a single-user, multitasking system
- Multiple-user systems
  - Allow several users to run applications on the same machine at the same time, each with their own account
  - Server operating systems and UNIX/Linux are multiple-user systems
File and Memory Management

- The OS controls reading, writing, accessing, and modification of data
- The basic units of file management are files and folders (directories)
- Memory management deals with the temporary storage of running applications and their data in RAM
- The OS controls where applications and data are placed in memory and keeps one program from overwriting another's
Job and Device Management

- A processor core executes only one task at a time, so work has to be scheduled
- The OS controls the order in which tasks or jobs are processed
- The OS acts as an intermediary between application software and physical hardware
- The OS uses device drivers to manage hardware devices
Security

- The first layer of security is authentication: the user must present credentials (such as a password) when logging into a system
- Modern operating systems add authorization on top of authentication: rights and permissions on files and folders limit what each authenticated user can read, change, or run
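The "rights and permissions" bullet is easiest to understand by running the check an OS performs. The following is an added example (not from the textbook) of the classic UNIX discretionary access check that file and folder permissions implement: each inode stores nine permission bits, the kernel selects exactly one class (owner, group, or other) for the requesting process, and root bypasses the bits. The file table, user ids and modes are constructed for the demonstration; real kernels additionally consult POSIX ACLs, capabilities and mandatory access control labels, which this toy leaves out.

```python
import stat

# Permission bits stored in each inode's mode, per class (owner / group / other).
READ, WRITE, EXEC = 4, 2, 1


def mode_to_string(mode: int) -> str:
    """Render the permission bits the way `ls -l` does, including setuid/setgid/sticky."""
    out = ""
    for shift, special, letter in ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"), (0, stat.S_ISVTX, "t")):
        bits = (mode >> shift) & 7
        out += "r" if bits & READ else "-"
        out += "w" if bits & WRITE else "-"
        if mode & special:
            out += letter if bits & EXEC else letter.upper()   # 'S'/'T': special bit set, no execute bit
        else:
            out += "x" if bits & EXEC else "-"
    return out


def check_access(mode: int, owner_uid: int, owner_gid: int, uid: int, gids, want: int) -> bool:
    """True if a process running as (uid, gids) may perform `want` (a bitmask of READ/WRITE/EXEC).

    The class is chosen by identity, not by which class is most generous: the owner of a
    file with mode 0o007 gets nothing, even though "other" users would be allowed in.
    """
    if uid == 0:
        # Simplified root rule: read/write always allowed; execute needs at least one x bit.
        return not (want & EXEC and not (mode & 0o111))
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


# Constructed "inode table": (path, mode, owner uid, owner gid). The uids/gids are assumptions.
FILES = [
    ("/etc/shadow",         0o000640, 0, 42),     # root:shadow, readable only by that group
    ("/home/alice/notes",   0o000600, 1000, 1000),
    ("/var/log/syslog",     0o000640, 0, 4),      # root:adm
    ("/usr/bin/passwd",     0o004755, 0, 0),      # setuid root, world-executable
]


def readable_by(uid: int, gids) -> list:
    """Paths from the constructed table that a process with these ids could open for reading."""
    return [path for path, mode, o_uid, o_gid in FILES
            if check_access(mode, o_uid, o_gid, uid, gids, READ)]


if __name__ == "__main__":
    for path, mode, o_uid, o_gid in FILES:
        print(f"{mode_to_string(mode)} {o_uid:>5} {o_gid:>5} {path}")
    print("uid 1000 (groups 1000, 4) can read:", readable_by(1000, {1000, 4}))
    print("uid 2000 (group 2000) can read:   ", readable_by(2000, {2000}))
```

For an investigator the useful part is the exclusivity rule: an account that is the owner of a file but has no owner bits is locked out even if the group or other bits would allow access, which is why a listing alone can mislead about who could actually have read a file.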
Common Operating Systems

- DOS
- Windows
- Linux
- UNIX
- Macintosh
DOS and Windows 3.x

- DOS was one of the first personal computer operating systems
- Its command-line interface required users to know DOS commands and syntax
- Windows 3.1 was the first stable GUI from Microsoft
- Windows 3.1 was an application running on top of DOS rather than a true operating system
- Windows 3.11 (Windows for Workgroups) added network capability
Windows 95 and Windows 98

Windows 95 innovations include:

- Plug and play
- The Registry
- Network and Internet capability

Windows 98 enhancements include:

- Power management features
- Upgrade capability via the Internet
- Automated registry checks and repairs
- Upgraded plug and play support
Windows NT

Windows NT (New Technology) innovations include:

- A privileged (kernel) mode separate from user mode, with each application in its own protected address space, so one application can be shut down without affecting the others
- Support for multiple CPUs
- Multilayered security functions such as:
  - File and folder access protection via permissions
  - Network share protection and auditing capability
  - Use of domain controllers for centralized accounts and authentication
Windows 2000

Windows 2000 is based on NT technology with improvements in the areas of security and networking:

- Group Policy
- Secure authentication (Kerberos in Active Directory domains)
- File encryption (the Encrypting File System, EFS)
Windows XP

- Kernel derived from Windows 2000 (NT 5.0 became NT 5.1)
- New GUI, a simple built-in firewall, remote access (Remote Desktop and Remote Assistance), and faster startup
- Versions: XP Home, XP Professional
- Server counterpart: Windows Server 2003
- XP Home is the upgrade path from Windows ME
Windows Vista and 7

- Various editions of each were released
- Updated GUI and search function
- Improved backup and restore features (shadow copies and restore points)
- Improved home networking and peer-to-peer communication features
- New version of the .NET Framework built in
- Improved security to stop common exploits and vulnerabilities (for example User Account Control and address space layout randomization, both introduced in Vista)
- Logical Disk Manager allows shrinking volumes
- Virtual hard disk (VHD) support (Windows 7)
Linux

- Linux is a comparatively young UNIX-like OS (first released in 1991) modelled on the UNIX design
- Linux advantages:
  - Free or inexpensive (open source)
  - Can run on older equipment
  - Can run on a multitude of hardware platforms
  - Fast and stable
UNIX

- Many operating systems (the BSDs, Linux, Solaris, macOS) trace their roots or their design to UNIX
- Two main "camps" in the UNIX world:
  - Berkeley Software Distribution (BSD)
  - System V Release 4 (SVR4)
- UNIX is a true multiuser, multitasking OS designed with security in mind
- UNIX can use either a CLI or a GUI
Macintosh

- The Macintosh (1984) shipped the first stable, widely adopted GUI, and it is still regarded as one of the most intuitive on the market
- Apple's initial philosophy was tight control over both hardware and software
- In 2006 Apple moved to Intel processors, which allows a Mac to also boot Windows (XP at the time) alongside Mac OS X
Common File System Types

- The function of a file system is to manage files and folders on a system
- The OS performs the following to help with this:
  - Partitions and formats storage devices
  - Creates a standard for naming files and folders
  - Maintains the integrity of files and folders
  - Provides for error recovery
  - Provides for security of the file system
Common File System Types (Cont.)

FAT (file allocation table) file system

- The file allocation table has one entry per cluster; each entry says whether the cluster is free, bad, or in use, and for a cluster in use it holds the number of the next cluster of the same file (or an end-of-chain marker). A directory entry records a file's name, attributes, size and first cluster; the OS finds the rest of the file by following the chain through the table
- The root directory is the top directory on a FAT volume; on FAT12/FAT16 it sits at a fixed location immediately after the FAT copies
- FAT16
  - Uses 16-bit entries in the file allocation table (so at most 65,536 clusters)
  - Uses 8.3 names: an 8-character name plus a 3-character extension that identifies the file type
  - Can assign attributes (read-only, hidden, system, archive, directory) to files and folders
Common File System Types (Cont.)

- FAT32
  - Expands the capabilities of FAT16 with 32-bit table entries (28 bits are used)
  - Designed to accommodate large hard drives
  - Designed to use space more efficiently (smaller clusters on large volumes)
  - 2 terabyte limit on partition size (with 512-byte sectors)
  - File size limit just under 4 GB (double the 2 GB limit of FAT16 under DOS and Windows 9x)
Common File System Types (Cont.)

NTFS (New Technology File System) introduced the following features:

- Long file name support
- Ability to handle large storage devices
- Built-in security controls (access control lists on files and folders, plus auditing)
- POSIX support
- Volume striping
- File compression
- Master file table (MFT): every file and folder on the volume, including the file system's own metadata files, is described by a record in the MFT
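Because every NTFS object is an MFT record, reading those records correctly is the first step of any NTFS examination. The following added example (not from the textbook) constructs a single 1,024-byte FILE record for a small resident file and parses it: it verifies and undoes the update-sequence fixups NTFS writes over the last two bytes of each sector, then walks the $STANDARD_INFORMATION, $FILE_NAME and $DATA attributes. The file name, timestamps, record numbers and payload are assumptions chosen for the demonstration; the record payload is deliberately long enough to straddle the sector boundary so that the fixup step matters.

```python
import struct

SECTOR, RECORD = 512, 1024
FILETIME_EPOCH = 116444736000000000                    # 1601-01-01 to 1970-01-01 in 100 ns ticks
FT_2024 = 1704067200 * 10_000_000 + FILETIME_EPOCH     # 2024-01-01T00:00:00Z as a FILETIME


def filetime_to_unix(ft: int) -> int:
    return (ft - FILETIME_EPOCH) // 10_000_000


def _attr(atype: int, value: bytes, attr_id: int) -> bytes:
    """Resident attribute: 24-byte header, value at offset 24, total length padded to 8."""
    length = (24 + len(value) + 7) & ~7
    hdr = struct.pack("<IIBBHHHIHBx", atype, length, 0, 0, 24, 0, attr_id, len(value), 24, 0)
    return (hdr + value).ljust(length, b"\0")


def build_record() -> bytes:
    """Constructed MFT record for 'evidence.txt' with the fixups applied as they would be on disk."""
    rec = bytearray(RECORD)
    data = b"resident data lives inside the MFT record; " * 6          # 258 bytes, crosses byte 512
    si = struct.pack("<QQQQIIII", FT_2024, FT_2024, FT_2024, FT_2024, 0x20, 0, 0, 0)  # 0x20 = ARCHIVE
    name = "evidence.txt".encode("utf-16-le")
    parent = (5 << 48) | 5                                                # root directory: record 5, seq 5
    fn = struct.pack("<QQQQQQQIIBB", parent, FT_2024, FT_2024, FT_2024, FT_2024,
                     0, len(data), 0x20, 0, len(name) // 2, 3) + name    # namespace 3 = Win32 & DOS
    body = _attr(0x10, si, 0) + _attr(0x30, fn, 1) + _attr(0x80, data, 2) + b"\xff\xff\xff\xff"
    attr_off = 56
    used = (attr_off + len(body) + 7) & ~7
    # Header: "FILE", USA offset, USA count, LSN, sequence, hard links, first attribute offset,
    # flags (1 = in use, 2 = directory), bytes used, bytes allocated, base record, next attribute id.
    struct.pack_into("<4sHHQHHHHIIQH", rec, 0, b"FILE", 48, 3, 0, 5, 1, attr_off, 1, used, RECORD, 0, 3)
    rec[attr_off:attr_off + len(body)] = body
    # Fixups: the update sequence number (USN) is stamped over the last 2 bytes of every sector and
    # the displaced bytes are saved in the update sequence array (USA) right after the USN.
    usn = b"\x07\x00"
    rec[48:50] = usn
    for i in range(1, 3):
        end = i * SECTOR - 2
        rec[48 + 2 * i:50 + 2 * i] = rec[end:end + 2]
        rec[end:end + 2] = usn
    return bytes(rec)


def apply_fixups(raw: bytes) -> bytes:
    """Restore the displaced bytes; a USN mismatch means a torn write or tampering."""
    rec = bytearray(raw)
    if rec[0:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    if usa_off + 2 * usa_count > len(rec) or (usa_count - 1) * SECTOR != len(rec):
        raise ValueError("update sequence array does not fit the record")
    usn = rec[usa_off:usa_off + 2]
    for i in range(1, usa_count):
        end = i * SECTOR - 2
        if rec[end:end + 2] != usn:
            raise ValueError(f"fixup mismatch at end of sector {i - 1}")
        rec[end:end + 2] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return bytes(rec)


def parse_record(raw: bytes) -> dict:
    rec = apply_fixups(raw)
    seq, links, attr_off, flags, used, _alloc = struct.unpack_from("<HHHHII", rec, 16)
    info = {"sequence": seq, "links": links, "in_use": bool(flags & 1), "is_dir": bool(flags & 2), "attrs": []}
    off = attr_off
    while off + 8 <= used:
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF or alen < 24:              # end marker, or a length that cannot be valid
            break
        attr = {"type": atype, "resident": rec[off + 8] == 0, "value": None}
        if attr["resident"]:                              # non-resident attributes hold data runs instead
            vlen, voff = struct.unpack_from("<IH", rec, off + 16)
            attr["value"] = rec[off + voff:off + voff + vlen]
            if atype == 0x10:     # $STANDARD_INFORMATION: created, modified, MFT modified, accessed
                attr["times"] = tuple(filetime_to_unix(t) for t in struct.unpack_from("<QQQQ", attr["value"]))
            elif atype == 0x30:   # $FILE_NAME: parent reference (low 48 bits = record), name
                attr["parent"] = struct.unpack_from("<Q", attr["value"])[0] & 0xFFFFFFFFFFFF
                attr["name"] = attr["value"][66:66 + 2 * attr["value"][64]].decode("utf-16-le")
        info["attrs"].append(attr)
        off += alen
    return info


if __name__ == "__main__":
    for a in parse_record(build_record())["attrs"]:
        print(hex(a["type"]), a.get("name") or a.get("times") or a["value"][:40])
```

Two details carry over to real images: a parser that skips the fixup check will silently read two USN bytes in place of file data at every sector boundary, and the $FILE_NAME attribute keeps its own copy of the timestamps, which is why comparing the two sets is a standard check for timestamp manipulation.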
Common File System Types (Cont.)

UNIX/Linux

- Can handle many different file systems
- The UNIX file system (UFS) is the traditional native format on BSD and Solaris
- The extended file system family (ext2/ext3/ext4) is the one primarily used by Linux
- Both use inodes: an inode is the clearinghouse of information about one file (owner, permissions, size, timestamps, and the addresses of its data blocks); the file's name is not in the inode but in a directory entry that points to it
- The superblock, written when the file system is created, describes the layout (block size, inode and block counts, where the inode tables live); the OS reads it first in order to access the rest of the file system
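The superblock and inode bullets describe a chain of lookups, and it helps to see it executed. The following is an added example, not from the textbook: it constructs a minimal ext2 volume in memory (superblock, one group descriptor, an inode table, one data block), validates the superblock magic, locates an inode through the group descriptor table, decodes its ownership, permissions and block pointers, and reads the file data. Inode numbers, ids, timestamps and contents are assumptions for the demonstration; directory entries and indirect block pointers are left out, so the name-to-inode lookup is not shown.

```python
import stat
import struct

EXT2_MAGIC = 0xEF53
SB_OFFSET = 1024   # the primary superblock starts 1024 bytes into the volume, whatever the block size
BLOCK = 1024       # block size of the constructed image


def build_image() -> bytes:
    """Constructed 16-block ext2 volume. Block 1: superblock, 2: group descriptors, 5: inode table."""
    img = bytearray(16 * BLOCK)
    sb = bytearray(1024)
    struct.pack_into("<II", sb, 0, 16, 16)        # s_inodes_count, s_blocks_count
    struct.pack_into("<II", sb, 20, 1, 0)         # s_first_data_block (1 for 1 KiB blocks), s_log_block_size
    struct.pack_into("<I", sb, 32, 8192)          # s_blocks_per_group
    struct.pack_into("<I", sb, 40, 16)            # s_inodes_per_group
    struct.pack_into("<H", sb, 56, EXT2_MAGIC)    # s_magic
    struct.pack_into("<I", sb, 76, 1)             # s_rev_level 1: inode size is recorded in the superblock
    struct.pack_into("<IH", sb, 84, 11, 128)      # s_first_ino, s_inode_size
    img[SB_OFFSET:SB_OFFSET + 1024] = sb
    struct.pack_into("<III", img, 2 * BLOCK, 3, 4, 5)   # group 0: block bitmap, inode bitmap, inode table

    def put_inode(ino, mode, uid, gid, size, links, mtime, first_block):
        off = 5 * BLOCK + (ino - 1) * 128
        # i_mode, i_uid, i_size, i_atime, i_ctime, i_mtime, i_dtime, i_gid, i_links_count
        struct.pack_into("<HHIIIIIHH", img, off, mode, uid, size, mtime, mtime, mtime, 0, gid, links)
        struct.pack_into("<I", img, off + 40, first_block)   # i_block[0]: first direct block pointer

    put_inode(2, 0o40755, 0, 0, BLOCK, 3, 1700000000, 8)       # inode 2 is always the root directory
    put_inode(12, 0o100640, 1000, 100, 26, 1, 1700000000, 7)   # first inode handed out to a user file
    img[7 * BLOCK:7 * BLOCK + 26] = b"inode 12 points to block 7"
    return bytes(img)


def parse_superblock(img: bytes) -> dict:
    """Check the magic and pull out the layout fields needed to find any inode."""
    sb = img[SB_OFFSET:SB_OFFSET + 1024]
    magic = struct.unpack_from("<H", sb, 56)[0]
    if magic != EXT2_MAGIC:
        raise ValueError(f"not an ext2/3/4 volume (magic {magic:#x})")
    inodes, blocks = struct.unpack_from("<II", sb, 0)
    first_data_block, log_block_size = struct.unpack_from("<II", sb, 20)
    inodes_per_group = struct.unpack_from("<I", sb, 40)[0]
    rev = struct.unpack_from("<I", sb, 76)[0]
    inode_size = struct.unpack_from("<H", sb, 88)[0] if rev >= 1 else 128
    block_size = 1024 << log_block_size
    if block_size * blocks > len(img) or inodes_per_group == 0:
        raise ValueError("superblock geometry exceeds the image")   # never trust on-disk counts blindly
    return {"inodes": inodes, "blocks": blocks, "block_size": block_size,
            "first_data_block": first_data_block, "inodes_per_group": inodes_per_group,
            "inode_size": inode_size}


def read_inode(img: bytes, sb: dict, ino: int) -> dict:
    """Locate inode `ino` via the group descriptor table and decode its metadata."""
    bs = sb["block_size"]
    group, index = divmod(ino - 1, sb["inodes_per_group"])          # inode numbers start at 1
    gdt = (sb["first_data_block"] + 1) * bs                          # descriptors follow the superblock's block
    inode_table = struct.unpack_from("<I", img, gdt + group * 32 + 8)[0]   # bg_inode_table
    off = inode_table * bs + index * sb["inode_size"]
    mode, uid, size, _atime, _ctime, mtime, dtime, gid, links = struct.unpack_from("<HHIIIIIHH", img, off)
    blocks = struct.unpack_from("<15I", img, off + 40)
    return {"ino": ino, "mode": mode, "perm": stat.filemode(mode), "uid": uid, "gid": gid,
            "size": size, "links": links, "mtime": mtime, "dtime": dtime,
            "blocks": [b for b in blocks[:12] if b]}       # direct pointers only; 12..14 are indirect


def read_file(img: bytes, sb: dict, inode: dict) -> bytes:
    bs = sb["block_size"]
    data = b"".join(img[b * bs:(b + 1) * bs] for b in inode["blocks"])
    return data[:inode["size"]]


if __name__ == "__main__":
    image = build_image()
    sb = parse_superblock(image)
    for ino in (2, 12):
        i = read_inode(image, sb, ino)
        print(f"inode {ino}: {i['perm']} uid={i['uid']} gid={i['gid']} size={i['size']} blocks={i['blocks']}")
    print(read_file(image, sb, read_inode(image, sb, 12)))
```

Note what the inode does and does not tell an examiner: ownership, mode, sizes, times (including the deletion time field) and block addresses are all there, but recovering which name referred to inode 12 requires parsing the directory blocks that point at it.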
Summary

- The operating system is the program that controls the basic functions of a computer
- The OS is the intermediary between the hardware and the software of a computer
- Two types of interfaces:
  - Command line (CLI)
  - Graphical user (GUI)
Summary (Cont.)

- Functions basic to an OS:
  - File management
  - Memory management
  - Job management
  - Device management
  - Security management
- There are a variety of operating systems: Windows, UNIX/Linux, Macintosh, DOS
Summary (Cont.)

- Various file systems are used: FAT16, FAT32, NTFS, EXT, UFS, etc.