Computer Forensics and Investigations
Chapter 6 - Working with Windows and DOS Systems
Objectives
- Explain the purpose and structure of file systems
- DescribeMicrosoft file structures
- Explain the structure of New Technology File System (NTSF) disk
- List some options for decrypting drives encrypted with whole disk encryption
- Explain how the Windows Registry works
- Describe Microsoft startup task
- Describe MS-DOS startup task
- Explain the purpose of a virtual machine
Introduction
This chapter reviews how data is stored and managed on Microsoft operating systems (OSs). To become proficient in recovering data for computer investigations, you should understand file systems and their operating systems, including legacy and current OSs. You will examine tasks an OS performs when it starts so that you can avoid altering evidence when you examine the drive. You will also learn how to use a Virtual PC environment to further analyze Windows digital evidence.
Instructions
- Read chapter 6
- Do review questions 1 thru 24, and turn in
- Do Hands on PRojects 6-1 thru 6-4
- Do Case Projects 6-1 and 6-2
Documents |
Additional Resources
|