WINDOWS SYSTEMS AND ARTIFACTS John P. Abraham Professor UTPA.

Windows file systems: FAT (file allocation table) and NTFS (new technology file system). FAT has no per-file security at all; NTFS adds access control lists on file and directory objects, a transaction journal ($LogFile, plus the $UsnJrnl change journal), compression, encryption (EFS) and alternate data streams. MFT (master file table): every file and directory on an NTFS volume has an MFT entry (a FILE record, typically 1,024 bytes) that holds its names, timestamps, security descriptor reference and the location of its data; very small files live entirely inside their record, so deleting them does not scatter anything on disk. The starting cluster of the MFT is recorded in the boot sector, which is the first sector of the NTFS volume (the volume boot record, not the disk's MBR); the MFT's own entry is record 0 ($MFT), and $MFTMirr keeps a backup copy of the first four records. More info: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365230(v=vs.85).aspx
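Added example (not from the slides): reading the NTFS boot sector to locate the MFT. The field offsets follow the NTFS BIOS Parameter Block; the boot sector itself is constructed inline with a builder function, so nothing here is read from a real disk, and the geometry values (512-byte sectors, 8 sectors per cluster, MFT at cluster 0xC0000) are illustrative choices.

```python
import struct


def build_sample_boot_sector(bytes_per_sector=512, sectors_per_cluster=8,
                             total_sectors=0x3FFFFFF, mft_lcn=0xC0000,
                             mft_mirror_lcn=2, volume_serial=0x1234567890ABCDEF):
    """Constructed NTFS boot sector for demonstration (not from a real disk).
    Only the fields the parser reads are filled in; everything else is zero."""
    sector = bytearray(512)
    sector[0:3] = b"\xEB\x52\x90"                        # jump instruction
    sector[3:11] = b"NTFS    "                           # OEM ID
    struct.pack_into("<H", sector, 11, bytes_per_sector)
    sector[13] = sectors_per_cluster
    sector[21] = 0xF8                                    # media descriptor: fixed disk
    struct.pack_into("<Q", sector, 40, total_sectors)
    struct.pack_into("<Q", sector, 48, mft_lcn)          # $MFT starting cluster
    struct.pack_into("<Q", sector, 56, mft_mirror_lcn)   # $MFTMirr starting cluster
    sector[64] = 0xF6                                    # -10 => 2**10 = 1024-byte records
    sector[68] = 0x01                                    # clusters per index buffer
    struct.pack_into("<Q", sector, 72, volume_serial)
    sector[510:512] = b"\x55\xAA"                        # boot sector signature
    return bytes(sector)


def parse_ntfs_boot_sector(sector):
    """Return the geometry needed to find and read the MFT."""
    if len(sector) < 512:
        raise ValueError("boot sector must be at least 512 bytes")
    if sector[3:11] != b"NTFS    " or sector[510:512] != b"\x55\xAA":
        raise ValueError("not an NTFS boot sector")
    bytes_per_sector = struct.unpack_from("<H", sector, 11)[0]
    sectors_per_cluster = sector[13]
    total_sectors, mft_lcn, mft_mirror_lcn = struct.unpack_from("<QQQ", sector, 40)
    # Signed byte: negative n means 2**(-n) bytes per record, positive is a
    # cluster count.  Modern volumes use 0xF6 (-10), i.e. 1024-byte records.
    clusters_per_record = struct.unpack_from("<b", sector, 64)[0]
    cluster_size = bytes_per_sector * sectors_per_cluster
    if clusters_per_record < 0:
        mft_record_size = 1 << (-clusters_per_record)
    else:
        mft_record_size = clusters_per_record * cluster_size
    return {
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "cluster_size": cluster_size,
        "total_sectors": total_sectors,
        "mft_lcn": mft_lcn,
        "mft_mirror_lcn": mft_mirror_lcn,
        "mft_record_size": mft_record_size,
        # Offsets are relative to the start of the volume, not the disk: add
        # the partition's starting offset when working on a whole-disk image.
        "mft_start_sector": mft_lcn * sectors_per_cluster,
        "mft_byte_offset": mft_lcn * cluster_size,
        "volume_serial": struct.unpack_from("<Q", sector, 72)[0],
    }


def mft_record_offset(geometry, record_number):
    """Byte offset of MFT entry `record_number` within the volume, assuming the
    first extent of $MFT is contiguous (a fragmented $MFT needs its data runs)."""
    return geometry["mft_byte_offset"] + record_number * geometry["mft_record_size"]


if __name__ == "__main__":
    geo = parse_ntfs_boot_sector(build_sample_boot_sector())
    print("MFT starts at sector %d (byte offset %d), %d-byte records"
          % (geo["mft_start_sector"], geo["mft_byte_offset"], geo["mft_record_size"]))
    print("record 0 ($MFT) at %d, record 5 (root directory) at %d"
          % (mft_record_offset(geo, 0), mft_record_offset(geo, 5)))
```

On a real image, `mft_record_offset` is only valid for the MFT's first extent; a heavily fragmented $MFT has to be followed through the data runs of its own $DATA attribute in record 0.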

NTFS alternate data streams: a file's content is its unnamed $DATA attribute, but a record may carry additional, named $DATA attributes, and those are alternate data streams (addressed as file.txt:streamname:$DATA). They were added so that Services for Macintosh could store HFS resource forks. Explorer and a plain dir do not show them, so an intruder can hide a payload inside an innocuous file (the textbook demonstration is type payload.exe > readme.txt:hidden.exe; the file size shown for readme.txt does not change). Use dir /r (Vista and later), the Sysinternals streams tool, or PowerShell Get-Item -Stream * to list them; on a disk image the extra $DATA attributes are visible directly in the file's MFT record, whatever the live tools report. Not every stream is hostile: browsers write a Zone.Identifier stream (the mark-of-the-web) onto downloaded files, which is itself useful evidence of where a file came from. Streams do not survive copying to FAT/exFAT or sending as a mail attachment. Tutorial:
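Added example (not from the slides), serving both the MFT entry description above and the alternate data stream point here: parsing one MFT FILE record and listing its $DATA attributes, so that streams a plain dir hides show up as named $DATA entries. The record is constructed by the builder function (it is not from a real volume), its attributes are all resident, and the fixup handling mirrors what the NTFS driver does: a record whose sector-end fixup words do not match the update sequence number is rejected rather than parsed, which is the check a parser needs before trusting any attribute that crosses a sector boundary. The `record_number` 42 and the stream names are illustrative.

```python
import struct

ATTR_DATA = 0x80            # $DATA attribute type
ATTR_END = 0xFFFFFFFF       # end-of-attributes marker
RECORD_SIZE = 1024
SECTOR = 512


def _resident_attribute(attr_type, name, value):
    """16-byte common header, 8-byte resident header, UTF-16LE name, value."""
    name_bytes = name.encode("utf-16-le")
    name_offset = 0x18
    value_offset = (name_offset + len(name_bytes) + 7) & ~7
    length = (value_offset + len(value) + 7) & ~7
    attr = bytearray(length)
    struct.pack_into("<IIBBHHH", attr, 0, attr_type, length, 0, len(name), name_offset, 0, 0)
    struct.pack_into("<IHBB", attr, 16, len(value), value_offset, 0, 0)
    attr[name_offset:name_offset + len(name_bytes)] = name_bytes
    attr[value_offset:value_offset + len(value)] = value
    return bytes(attr)


def build_sample_mft_record(streams, record_number=42):
    """Constructed FILE record (not from a real volume): one resident $DATA
    attribute per (stream_name, content) pair, fixups applied like the driver."""
    rec = bytearray(RECORD_SIZE)
    usa_offset, usa_words = 0x30, 1 + RECORD_SIZE // SECTOR
    first_attr = (usa_offset + 2 * usa_words + 7) & ~7
    body = b"".join(_resident_attribute(ATTR_DATA, n, d) for n, d in streams)
    body += struct.pack("<II", ATTR_END, 0)
    if first_attr + len(body) > RECORD_SIZE:
        raise ValueError("sample data too large for one resident-only record")
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 4, usa_offset, usa_words)
    # sequence no., hard links, first attribute offset, flags (0x01 = in use),
    # used size, allocated size
    struct.pack_into("<HHHHII", rec, 16, 1, 1, first_attr, 0x01, first_attr + len(body), RECORD_SIZE)
    struct.pack_into("<I", rec, 44, record_number)
    rec[first_attr:first_attr + len(body)] = body
    # Fixups: the last two bytes of every sector are swapped for the update
    # sequence number; the originals are parked in the update sequence array.
    usn = b"\x01\x00"
    rec[usa_offset:usa_offset + 2] = usn
    for i in range(1, usa_words):
        end = i * SECTOR
        rec[usa_offset + 2 * i:usa_offset + 2 * i + 2] = rec[end - 2:end]
        rec[end - 2:end] = usn
    return bytes(rec)


def parse_mft_record(raw):
    """Verify and undo the fixups, then list every $DATA attribute.  A $DATA
    attribute with a non-empty name is an alternate data stream."""
    rec = bytearray(raw)
    if rec[0:4] != b"FILE":
        raise ValueError("not a FILE record (BAAD, zeroed, or not an MFT entry)")
    usa_offset, usa_words = struct.unpack_from("<HH", rec, 4)
    usn = bytes(rec[usa_offset:usa_offset + 2])
    for i in range(1, usa_words):
        end = i * SECTOR
        if rec[end - 2:end] != usn:
            raise ValueError("fixup mismatch at byte %d: torn write or corrupt record" % end)
        rec[end - 2:end] = rec[usa_offset + 2 * i:usa_offset + 2 * i + 2]
    _seq, _links, first_attr, flags = struct.unpack_from("<HHHH", rec, 16)
    info = {"record_number": struct.unpack_from("<I", rec, 44)[0],
            "in_use": bool(flags & 0x01), "is_directory": bool(flags & 0x02),
            "streams": []}
    off = first_attr
    while off + 8 <= RECORD_SIZE:
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == ATTR_END:
            break
        if alen < 0x18 or off + alen > RECORD_SIZE:
            raise ValueError("bad attribute length at offset %d" % off)
        non_resident, name_len = rec[off + 8], rec[off + 9]
        name_off = struct.unpack_from("<H", rec, off + 10)[0]
        name = rec[off + name_off:off + name_off + 2 * name_len].decode("utf-16-le")
        if atype == ATTR_DATA:
            if non_resident:
                # Logical size is in the non-resident header at +0x30; the
                # content itself lives in the data runs, outside this record.
                size, content = struct.unpack_from("<Q", rec, off + 48)[0], None
            else:
                size, value_off = struct.unpack_from("<IH", rec, off + 16)
                content = bytes(rec[off + value_off:off + value_off + size])
            info["streams"].append({"name": name, "size": size,
                                    "resident": not non_resident, "content": content})
        off += alen
    return info


def alternate_data_streams(info):
    """The $DATA attributes a plain `dir` never shows."""
    return [s for s in info["streams"] if s["name"]]


if __name__ == "__main__":
    record = build_sample_mft_record([
        ("", b"Quarterly report, nothing unusual.\r\n"),
        ("Zone.Identifier", b"[ZoneTransfer]\r\nZoneId=3\r\n"),   # mark-of-the-web
        ("hidden.txt", b"only visible with dir /r or in the MFT"),
    ])
    for s in alternate_data_streams(parse_mft_record(record)):
        print(":%s:$DATA  %d bytes" % (s["name"], s["size"]))
```

Carving MFT records straight from a volume (search for "FILE" at 1,024-byte boundaries) and running them through `parse_mft_record` finds streams on files that have since been deleted as well, since the record survives until it is reused.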

Windows Registry: the Windows configuration database. It records system and user-specific configuration and, as a side effect, a great deal of user activity (programs run, documents opened, USB devices attached, network shares mapped). Regedit is the utility used to view and edit the live registry. On disk, the system hives (SAM, SECURITY, SOFTWARE, SYSTEM, DEFAULT) are in %SystemRoot%\System32\config; each user's profile hive is NTUSER.DAT in the root of the profile folder, and USRCLASS.DAT sits under AppData\Local\Microsoft\Windows. Regedit shows a merged view (HKLM, HKU, HKCU and so on) that exists only while Windows runs; the hive files are locked on a live system, so an examiner copies them from a disk image or a volume shadow copy, together with the matching .LOG1/.LOG2 transaction logs, because changes not yet flushed to the hive exist only there. More info: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724946(v=vs.85).aspx
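Added example (not from the slides): the first check an examiner runs on a copied hive file, parsing the 4 KiB REGF base block for the hive's own path, its last-written time, the primary/secondary sequence numbers (unequal means the last write never completed and the transaction logs must be replayed), and the XOR-32 checksum. The base blocks are constructed inline by the builder function, not copied from a real hive; the paths and sequence numbers are illustrative.

```python
import struct
from datetime import datetime, timedelta, timezone

HBIN_START = 0x1000   # hive bins (and the root key cell) follow the 4 KiB base block


def filetime_to_datetime(ft):
    """FILETIME (100-ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def regf_checksum(block):
    """XOR of the first 127 dwords of the base block, with the two special
    cases the kernel applies to the result."""
    value = 0
    for off in range(0, 0x1FC, 4):
        value ^= struct.unpack_from("<I", block, off)[0]
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def build_sample_base_block(hive_path, last_written_ft, primary_seq=7,
                            secondary_seq=7, minor_version=5):
    """Constructed 4096-byte REGF base block (not from a real hive)."""
    block = bytearray(0x1000)
    block[0:4] = b"regf"
    # primary seq, secondary seq, last-written FILETIME, major, minor,
    # file type (0 = primary hive), format (1), root cell offset (relative
    # to the first hbin), hive bins size, clustering factor
    struct.pack_into("<IIQIIIIIII", block, 4, primary_seq, secondary_seq,
                     last_written_ft, 1, minor_version, 0, 1, 0x20, 0x1000, 1)
    name = hive_path[-31:].encode("utf-16-le")     # last 31 chars of the path
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 0x1FC, regf_checksum(block))
    return bytes(block)


def parse_regf_base_block(block):
    """Header facts worth recording before any key is parsed."""
    if len(block) < 0x200 or block[0:4] != b"regf":
        raise ValueError("not a registry hive (missing regf signature)")
    (primary_seq, secondary_seq, last_written, major, minor, file_type, _fmt,
     root_cell, hbins_size, _cluster) = struct.unpack_from("<IIQIIIIIII", block, 4)
    name = block[48:48 + 64].decode("utf-16-le").split("\x00", 1)[0]
    stored_sum = struct.unpack_from("<I", block, 0x1FC)[0]
    return {
        "file_name": name,
        "version": "%d.%d" % (major, minor),
        "file_type": {0: "primary", 1: "transaction log"}.get(file_type, "unknown"),
        "last_written": filetime_to_datetime(last_written),
        "primary_seq": primary_seq,
        "secondary_seq": secondary_seq,
        # Unequal sequence numbers: the hive is dirty and the on-disk file is
        # behind the .LOG1/.LOG2 files, so parse those too before trusting it.
        "dirty": primary_seq != secondary_seq,
        "checksum_ok": stored_sum == regf_checksum(block),
        "root_key_offset": HBIN_START + root_cell,
        "hbins_size": hbins_size,
    }


if __name__ == "__main__":
    ft = 130014720000000000                 # 2013-01-01 00:00:00 UTC, illustrative
    clean = build_sample_base_block(r"\??\C:\Users\alice\ntuser.dat", ft)
    dirty = build_sample_base_block(r"\??\C:\Windows\System32\config\SYSTEM", ft, 9, 8)
    for hive in (clean, dirty):
        h = parse_regf_base_block(hive)
        print(h["file_name"], h["last_written"], "dirty=%s" % h["dirty"], "checksum_ok=%s" % h["checksum_ok"])
```

A hive copied from a live system with tools that bypass the lock is very often dirty; that is expected, not evidence of tampering, but a wrong checksum on a hive taken from a clean image is worth a closer look.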

Windows registry forensics. Here is a tutorial: analysis-windows-registry. Instead of reading papers (next two) I am assigning you to read this 16-page tutorial and write a summary of each page. RegRipper is a utility that Harlan Carvey (one of the authors of your lab book)

Event Logs: Windows has a built-in Event Viewer (third-party log viewers also exist). To launch it: right-click Computer, choose Manage, then Event Viewer, or Start, Run, and type eventvwr.msc. Under Windows Logs you will see the APPLICATION, SECURITY, SETUP and SYSTEM logs (plus Forwarded Events and the many Applications and Services logs). Click on each and look at the events: every record carries a provider, an event ID, a timestamp, the computer name and an event-specific data section. On disk the logs are %SystemRoot%\System32\winevt\Logs\*.evtx (Vista and later; older versions used .evt), and they can be queried or exported from the command line with wevtutil or with PowerShell Get-WinEvent. Two caveats for forensic use: the Security log only contains what the audit policy was configured to record (auditpol /get /category:* shows the policy), and each log has a maximum size (20 MB by default) after which the oldest events are overwritten, so the evidence you want may already be gone. There are several tutorials available on the web to help you understand these logs.
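Added example (not from the slides): working with the Security log programmatically instead of clicking through it. The records are constructed inline from a template in the XML shape that wevtutil qe Security /f:xml produces (a bare sequence of Event elements with no enclosing root, which is why the parser wraps them); the host name, user names and the 203.0.113.7 source address are illustrative. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon types 2 (interactive), 3 (network) and 10 (remote interactive, i.e. RDP) are the real Windows values. The summary function counts failures per source and flags a source that succeeds after a run of failures.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

EVENT_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>{eid}</EventID>
<TimeCreated SystemTime="{time}"/><Channel>Security</Channel><Computer>WS01</Computer></System>
<EventData><Data Name="TargetUserName">{user}</Data><Data Name="LogonType">{ltype}</Data>
<Data Name="IpAddress">{ip}</Data></EventData></Event>
"""

# Constructed records (not real log data): EventID, time, user, logon type, source.
SAMPLE_RECORDS = [
    (4625, "2013-01-01T08:00:01.000000000Z", "administrator", 3, "203.0.113.7"),
    (4625, "2013-01-01T08:00:02.000000000Z", "backup",        3, "203.0.113.7"),
    (4625, "2013-01-01T08:00:03.000000000Z", "svc_sql",       3, "203.0.113.7"),
    (4625, "2013-01-01T08:00:04.000000000Z", "administrator", 3, "203.0.113.7"),
    (4624, "2013-01-01T08:00:09.000000000Z", "administrator", 10, "203.0.113.7"),
    (4624, "2013-01-01T08:30:00.000000000Z", "alice",         2, "-"),
]


def sample_export():
    """What an export of those six records looks like on disk."""
    return "".join(EVENT_TEMPLATE.format(eid=e, time=t, user=u, ltype=l, ip=i)
                   for e, t, u, l, i in SAMPLE_RECORDS)


def parse_events(xml_text):
    """Parse an exported event list into dicts: id, time, computer, plus every
    <Data Name=...> field from EventData keyed by its Name."""
    root = ET.fromstring("<Events>%s</Events>" % xml_text)
    events = []
    for ev in root.findall("e:Event", NS):
        rec = {
            "id": int(ev.findtext("e:System/e:EventID", namespaces=NS)),
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "computer": ev.findtext("e:System/e:Computer", namespaces=NS),
        }
        for d in ev.findall("e:EventData/e:Data", NS):
            rec[d.get("Name")] = (d.text or "").strip()
        events.append(rec)
    return events


def logon_summary(events, threshold=3):
    """Failed logons (4625) per source address, sources at or above the
    threshold, and sources that logged on (4624) after earlier failures."""
    failures = Counter()
    success_after_failure = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ip = ev.get("IpAddress", "-")
        if ev["id"] == 4625:
            failures[ip] += 1
        elif ev["id"] == 4624 and failures[ip] and ip not in success_after_failure:
            success_after_failure.append(ip)
    return {
        "failures_by_source": dict(failures),
        "suspicious_sources": sorted(ip for ip, n in failures.items() if n >= threshold),
        "success_after_failure": success_after_failure,
    }


if __name__ == "__main__":
    summary = logon_summary(parse_events(sample_export()))
    for ip, n in summary["failures_by_source"].items():
        print("%s: %d failed logons" % (ip, n))
    print("succeeded after failures:", summary["success_after_failure"])
```

The same parser works on a real export (wevtutil qe Security /f:xml > security.xml); the only difference is volume, so the Counter and the sort by time are what keep it usable on a 20 MB log.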

Prefetch files: Windows records the files a program touches during the first seconds of its execution and saves that list to a prefetch file in the windows\prefetch directory so that regularly used programs load faster. When an application is launched, a prefetch file for it is created (or updated) shortly afterwards. The file name is the executable name followed by a hash of the path the program was actually run from, for example CALC.EXE-0FE8F3A9.pf; the same program run from two different locations leaves two different files. The header stores the executable name, the run count and the last run time (Windows 8 and later keep the last eight run times), and the body lists the files and volumes the program used. For forensic examination, a prefetch file shows that the program was run on that computer and gives its last run date and time. Caveats: prefetching is on by default on client Windows but off on Windows Server editions and can be disabled through the EnablePrefetcher registry value; the folder holds at most 128 files (1,024 from Windows 8 on), so entries for programs not run recently are evicted; and Windows 10 compresses the files, which must be decompressed before they can be parsed.
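Added example (not from the slides): pulling the executable name, path hash, run count and last-run time(s) out of a prefetch header. The sample files are constructed inline by the builder function rather than captured from a host, and the names, hash value and timestamps are illustrative. The header offsets are those of uncompressed files for format versions 17 (XP), 23 (Vista/7) and 26 (Windows 8); version 30 (Windows 10) is treated with the Windows 8 layout here, which is an assumption, since Windows 10 files are additionally MAM-compressed and some builds moved the run-count field, so a real Windows 10 file must be decompressed first and the layout confirmed.

```python
import struct
from datetime import datetime, timedelta, timezone

PF_SIGNATURE = b"SCCA"
MAM_SIGNATURE = b"MAM\x04"     # compressed Windows 10 prefetch (Xpress Huffman)

# Offsets of the last-run FILETIME(s) and the run counter by format version.
# Version 30 uses the Windows 8 layout below as an assumption; verify it
# against the decompressed file before relying on the run count.
LAYOUT = {
    17: {"os": "Windows XP/2003", "last_run": 0x78, "n_times": 1, "run_count": 0x90},
    23: {"os": "Windows Vista/7", "last_run": 0x80, "n_times": 1, "run_count": 0x98},
    26: {"os": "Windows 8.x",     "last_run": 0x80, "n_times": 8, "run_count": 0xD0},
    30: {"os": "Windows 10",      "last_run": 0x80, "n_times": 8, "run_count": 0xD0},
}


def filetime_to_datetime(ft):
    if ft == 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def build_sample_prefetch(version, exe_name, path_hash, run_count, last_runs):
    """Constructed prefetch header (not captured from a real host)."""
    layout = LAYOUT[version]
    buf = bytearray(0x100)
    struct.pack_into("<I", buf, 0, version)
    buf[4:8] = PF_SIGNATURE
    struct.pack_into("<I", buf, 12, len(buf))              # file size
    name = exe_name.encode("utf-16-le")
    buf[16:16 + len(name)] = name                          # 60-byte UTF-16 field, NUL padded
    struct.pack_into("<I", buf, 76, path_hash)
    for i, ft in enumerate(last_runs[:layout["n_times"]]):
        struct.pack_into("<Q", buf, layout["last_run"] + 8 * i, ft)
    struct.pack_into("<I", buf, layout["run_count"], run_count)
    return bytes(buf)


def parse_prefetch(data):
    """Header facts from an uncompressed prefetch file."""
    if data[:4] == MAM_SIGNATURE:
        raise ValueError("MAM-compressed (Windows 10+) prefetch file: decompress it first")
    if len(data) < 0xD4 or data[4:8] != PF_SIGNATURE:
        raise ValueError("missing SCCA signature or truncated file")
    version = struct.unpack_from("<I", data, 0)[0]
    if version not in LAYOUT:
        raise ValueError("unknown prefetch format version %d" % version)
    layout = LAYOUT[version]
    exe_name = data[16:76].decode("utf-16-le").split("\x00", 1)[0]
    path_hash = struct.unpack_from("<I", data, 76)[0]
    last_runs = []
    for i in range(layout["n_times"]):
        ft = struct.unpack_from("<Q", data, layout["last_run"] + 8 * i)[0]
        if ft:                                             # unused slots are zero
            last_runs.append(filetime_to_datetime(ft))
    return {
        "version": version,
        "os": layout["os"],
        "executable": exe_name,
        "path_hash": path_hash,
        # The on-disk name the file should have; a mismatch means it was renamed.
        "expected_filename": "%s-%08X.pf" % (exe_name, path_hash),
        "run_count": struct.unpack_from("<I", data, layout["run_count"])[0],
        "last_runs": last_runs,
    }


if __name__ == "__main__":
    FT_2013 = 130014720000000000           # 2013-01-01 00:00:00 UTC, illustrative
    sample = build_sample_prefetch(23, "CALC.EXE", 0x0FE8F3A9, 5, [FT_2013])
    info = parse_prefetch(sample)
    print(info["expected_filename"], "run %d times, last %s" % (info["run_count"], info["last_runs"][0]))
```

The expected_filename check is cheap and worth doing on every file in the folder: an attacker who renames or copies prefetch files to muddy the timeline leaves a name that no longer matches the embedded executable and hash.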

Shortcut files: file extension .lnk (LNK files). Windows creates them automatically whenever a user opens a document (in %APPDATA%\Microsoft\Windows\Recent and in the Office Recent folder), not only when a user deliberately makes a shortcut. A LNK file stores the target's path, its size and its creation, access and modification timestamps as they were when the link was made or refreshed, the serial number and label of the volume the target lived on, and for network targets the UNC share name. This can be used to demonstrate access to files, particularly those on the network or on removable media, even after the target file itself is gone.
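Added example (not from the slides): parsing the Shell Link header and LinkInfo section of a .lnk file to recover the target path, the target's size and timestamps, and either the volume serial and label (local target) or the UNC share (network target). The layout follows the public MS-SHLLINK format; the sample links are constructed inline by the builder function, not real files, and the share, paths, label and serial are illustrative. Strings in LinkInfo are in the system ANSI code page, assumed to be cp1252 here.

```python
import struct
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01        # LinkFlags
HAS_LINK_INFO = 0x02
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01  # LinkInfoFlags
COMMON_NETWORK_RELATIVE_LINK = 0x02
DRIVE_TYPES = {2: "removable", 3: "fixed", 4: "remote", 5: "cdrom", 6: "ramdisk"}


def filetime_to_datetime(ft):
    if ft == 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def _cstr(buf, off):
    """NUL-terminated string in the system ANSI code page (cp1252 assumed)."""
    return buf[off:buf.index(b"\x00", off)].decode("cp1252")


def build_sample_lnk(local_path=None, network_share=None, suffix="", file_size=0,
                     write_ft=0, volume_label="OS", serial=0x1A2B3C4D, drive_type=3):
    """Constructed .lnk: ShellLinkHeader + LinkInfo + TerminalBlock (not a real file)."""
    hdr = 0x1C
    vol = base = cnrl = b""
    if network_share is not None:
        net = network_share.encode("cp1252") + b"\x00"
        # size, flags, NetNameOffset, DeviceNameOffset, NetworkProviderType, NetName
        cnrl = struct.pack("<IIIII", 0x14 + len(net), 0, 0x14, 0, 0) + net
        info_flags = COMMON_NETWORK_RELATIVE_LINK
    else:
        label = volume_label.encode("cp1252") + b"\x00"
        # size, DriveType, DriveSerialNumber, VolumeLabelOffset, label
        vol = struct.pack("<IIII", 0x10 + len(label), drive_type, serial, 0x10) + label
        base = local_path.encode("cp1252") + b"\x00"
        info_flags = VOLUME_ID_AND_LOCAL_BASE_PATH
    suffix_b = suffix.encode("cp1252") + b"\x00"
    vol_off = hdr if vol else 0
    base_off = hdr + len(vol) if base else 0
    cnrl_off = hdr if cnrl else 0
    suffix_off = hdr + len(vol) + len(base) + len(cnrl)
    link_info = struct.pack("<IIIIIII", suffix_off + len(suffix_b), hdr, info_flags,
                            vol_off, base_off, cnrl_off, suffix_off)
    link_info += vol + base + cnrl + suffix_b
    header = bytearray(0x4C)
    struct.pack_into("<I", header, 0, 0x4C)
    header[4:20] = LNK_CLSID
    # LinkFlags, FileAttributes (0x20 = ARCHIVE), creation/access/write FILETIMEs,
    # FileSize, IconIndex, ShowCommand (1 = SW_SHOWNORMAL)
    struct.pack_into("<IIQQQIII", header, 20, HAS_LINK_INFO, 0x20,
                     write_ft, write_ft, write_ft, file_size, 0, 1)
    return bytes(header) + link_info + b"\x00\x00\x00\x00"   # TerminalBlock


def parse_lnk(data):
    """Target facts from the ShellLinkHeader and LinkInfo structures."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    flags, _attrs, ctime, atime, wtime, size = struct.unpack_from("<IIQQQI", data, 20)
    out = {"target": None, "network_share": None, "volume_serial": None, "drive_type": None,
           "target_size": size, "target_created": filetime_to_datetime(ctime),
           "target_accessed": filetime_to_datetime(atime), "target_modified": filetime_to_datetime(wtime)}
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:           # skip the shell item ID list
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:
        (li_size, _li_hdr, li_flags, vol_off, base_off,
         cnrl_off, suffix_off) = struct.unpack_from("<IIIIIII", data, off)
        li = data[off:off + li_size]
        suffix = _cstr(li, suffix_off)
        if li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
            drive_type, serial, label_off = struct.unpack_from("<III", li, vol_off + 4)
            out["drive_type"] = DRIVE_TYPES.get(drive_type, str(drive_type))
            out["volume_serial"] = "%04X-%04X" % (serial >> 16, serial & 0xFFFF)
            out["volume_label"] = _cstr(li, vol_off + label_off)
            out["target"] = _cstr(li, base_off) + suffix
        if li_flags & COMMON_NETWORK_RELATIVE_LINK:
            net_off = struct.unpack_from("<I", li, cnrl_off + 8)[0]
            out["network_share"] = _cstr(li, cnrl_off + net_off)
            out["target"] = out["network_share"].rstrip("\\") + "\\" + suffix
    return out


if __name__ == "__main__":
    FT_2013 = 130014720000000000   # 2013-01-01 00:00:00 UTC, illustrative
    net = build_sample_lnk(network_share=r"\\FILESRV\finance", suffix=r"reports\q3.xlsx",
                           file_size=48213, write_ft=FT_2013)
    usb = build_sample_lnk(local_path=r"E:\payroll\march.xlsx", volume_label="KINGSTON", drive_type=2)
    for lnk in (net, usb):
        info = parse_lnk(lnk)
        print(info["target"], info["target_size"], info["target_modified"], info["volume_serial"], info["drive_type"])
```

The volume serial recovered from a removable-drive link is the same value the SYSTEM hive records for mounted USB devices, which is how a LNK file in a user's Recent folder ties a document to a specific stick.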