OPERATING SYSTEMS - Frans Sanen. Use some tools capable of analyzing several file systems to understand their functioning: The Sleuth Kit (TSK)

Presentation transcript:

OPERATING SYSTEMS Frans Sanen

- Use some tools capable of analyzing several file systems to understand their functioning
- The Sleuth Kit (TSK)

- To check the contents of a file system, e.g. fls -f fat fat12.img
- An inode number can be passed as an extra argument
- Option -r tells fls to list the contents recursively
- Option -l gives further information such as access times and file size

- To check the contents of a file, e.g. icat -f fat fat12.img 229 > /tmp/vbje.jpg
- The shell's command redirection possibilities can be used to save binary data
- Pipes can also be used
- Option -r tries to recover a deleted file
- Option -s will read the last block of the file entirely (contents of slack space become visible)

- To check the meta-data of a particular inode, e.g. istat -f fat fat12.img 229

- ifind retrieves in which meta-data structure a certain block is allocated (the cluster number gives us the inode), e.g. ifind -f fat -d 147 fat12.img
- ffind searches for the filename of the file that belongs to a certain inode, e.g. ffind -f fat -d fat12.img 229

- Use the image practical.floppy.dd and:
- Verify the MD5 sum: 2f e2af37cf196e6a72cc79d99
- Create a list of all files (only files!) on the filesystem
- Which sectors are occupied by the file matrixs3.jpg?
- In fat12.img, a secret message is hidden. What is it and where is it hidden? Tip: it contains the word "plezier". How can you display it using TSK?
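As an added illustration (not code from the course), a small Python walk of a FAT12 root directory and FAT chain: it lists the plain files the way fls does, maps each file's clusters to sectors the way istat reports them, and computes the slack that icat -s would expose. The volume layout, the BPB values and the file MATRIXS3.JPG are constructed inside the code, not taken from the course images.

```python
import struct

SECTOR = 512  # bytes per sector; the sample volume uses one sector per cluster

def fat12_entry(fat, n):
    """Read 12-bit FAT entry n (two consecutive entries share three bytes)."""
    off = n * 3 // 2
    v = fat[off] | (fat[off + 1] << 8)
    return v >> 4 if n & 1 else v & 0xFFF

def build_sample_image():
    """Constructed FAT12 volume (not the course's fat12.img): sector 0 boot, 1 FAT, 2 root dir,
    3.. data (clusters 2..5). One 1100-byte file MATRIXS3.JPG chained 3 -> 5 -> 4 on purpose."""
    boot = bytearray(SECTOR)
    # BPB: bytes/sector, sectors/cluster, reserved sectors, FATs, root entries, total sectors
    struct.pack_into("<HBHBHH", boot, 11, SECTOR, 1, 1, 1, 16, 7)
    struct.pack_into("<H", boot, 22, 1)  # sectors per FAT
    boot[510:512] = b"\x55\xaa"
    fat = bytearray(SECTOR)
    # packed 12-bit entries: 0=0xFF0 1=0xFFF 2=free 3->5 4=0xFFF(end) 5->4
    fat[0:9] = b"\xf0\xff\xff\x00\x50\x00\xff\x4f\x00"
    root = bytearray(SECTOR)
    root[0:11] = b"MATRIXS3JPG"  # 8.3 name, space padded
    root[11] = 0x20  # archive attribute: an ordinary file
    struct.pack_into("<HI", root, 26, 3, 1100)  # first cluster, file size
    return bytes(boot + fat + root + bytearray(SECTOR * 4))

def list_files(img):
    """Walk the root directory (what fls lists) and map each file's FAT chain to sectors
    (what istat reports), plus the slack bytes that icat -s would expose."""
    bps, spc, resv, nfats, nroot, _, _, spf = struct.unpack_from("<HBHBHHBH", img, 11)
    fat = img[resv * bps:(resv + spf) * bps]
    root_sec = resv + nfats * spf
    data_sec = root_sec + (nroot * 32 + bps - 1) // bps  # first sector of cluster 2
    files = []
    for i in range(nroot):
        e = img[root_sec * bps + i * 32:root_sec * bps + (i + 1) * 32]
        if e[0] == 0: break  # end-of-directory marker
        if e[0] == 0xE5 or e[11] & 0x18:
            continue  # deleted entry, volume label or subdirectory: not a plain file
        name = e[:8].decode().rstrip() + "." + e[8:11].decode().rstrip()
        first, size = struct.unpack_from("<HI", e, 26)
        chain, c = [], first
        while 2 <= c < 0xFF8:  # 0xFF8..0xFFF marks the end of the chain
            chain.append(c)
            c = fat12_entry(fat, c)
        sectors = [data_sec + (c - 2) * spc + k for c in chain for k in range(spc)]
        files.append({"name": name, "size": size, "clusters": chain,
                      "sectors": sectors, "slack": len(sectors) * bps - size})
    return files
```

The out-of-order chain is the point: a file's sectors are whatever the FAT says, not a contiguous run starting at its first cluster.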

- sorter sorts files in a file system by category
- Perl script using the fls and icat tools, e.g. sorter -f fat -d tmp/sorter/ fat12.img, then cat tmp/sorter/unknown.txt
- A text file per recognized file type is created
- Option -s creates a directory beside every text file into which all categorized files are copied

- In the example in the task description, sorter gives an extension mismatch: explain briefly.
- Use sorter to export all files from the image practical.floppy.dd.
- Extra: use sorter to export only the pictures from the same image, but without the extension mismatch check.

- Autopsy: a simple web interface built upon the TSK tools
- Normally not included in Knoppix: apt-get update, then apt-get install foremost autopsy
- The server can be started with the command 'autopsy'
- Surf to

- sigfind looks for hexadecimal patterns (examples are included in the task description); it is similar to grep for ASCII patterns
- foremost supports file carving for different file types like jpg, gif, pdf, doc, etc., e.g. foremost -t jpg -o tmp/jpgs fat12.img

- Suppose you are looking for jpg files. Why should you use both a tool like sorter and a tool like foremost?
- Describe a situation in which sorter skips or does not correctly find a certain jpg when the jpg physically exists on disk.
- Validate your thoughts on image 8 from
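An added Python example (not part of the course slides) that shows in code what the sorter and foremost slides describe: a sorter-style check of a file's signature against its extension, and a foremost-style JPEG carver that reads raw bytes only, so a JPEG whose directory entry is gone is still found while a header without a trailer is reported as a fragment. The MAGIC table, the sample JPEG bytes and the 2 KiB "disk" layout are constructed for this example.

```python
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"  # JPEG start/end markers
# file signatures compared against the extension (small subset, constructed for this example)
MAGIC = {"jpg": JPEG_SOI, "jpeg": JPEG_SOI, "gif": b"GIF8", "pdf": b"%PDF-", "png": b"\x89PNG"}

def extension_matches(name, data):
    """sorter-style check: True/False when the extension has a known signature, None otherwise."""
    ext = name.rsplit(".", 1)[-1].lower()
    if ext not in MAGIC:
        return None  # nothing to compare against; sorter would file it as unknown
    return data.startswith(MAGIC[ext])

def carve_jpegs(img, max_len=10 * 1024 * 1024):
    """foremost-style carving: scan raw bytes for SOI..EOI spans without consulting any
    file system metadata, so data whose directory entry is gone is still recovered.
    A header with no trailer before the next header is reported as an incomplete fragment."""
    found, pos = [], 0
    while True:
        start = img.find(JPEG_SOI, pos)
        if start < 0:
            break
        end = img.find(JPEG_EOI, start + 3, start + max_len)
        nxt = img.find(JPEG_SOI, start + 3)
        if end < 0 or (0 <= nxt < end):
            stop = nxt if nxt >= 0 else min(len(img), start + max_len)
            found.append({"offset": start, "data": img[start:stop], "complete": False})
            pos = stop
        else:
            found.append({"offset": start, "data": img[start:end + 2], "complete": True})
            pos = end + 2
    return found

def build_sample_image():
    """Constructed 2 KiB 'disk' (not the course image): a JPEG that metadata would list,
    a stray header with no trailer, and a second JPEG whose directory entry is gone."""
    jpg_a = JPEG_SOI + b"\xe0" + b"A" * 40 + JPEG_EOI
    jpg_b = JPEG_SOI + b"\xe1" + b"B" * 20 + JPEG_EOI
    img = bytearray(2048)
    img[0:len(jpg_a)] = jpg_a              # allocated file, visible to fls/sorter
    img[700:703] = JPEG_SOI                # leftover header of an overwritten file
    img[1200:1200 + len(jpg_b)] = jpg_b    # unallocated space: fls/sorter never see it
    return bytes(img)
```

Without the next-header check, the stray header at offset 700 would swallow the second JPEG's trailer and both the fragment and the real file would come out wrong.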