Computer Data Expert The following slides are from a presentation developed to support/explain a Data Forensics expert testimony. Click or hit spacebar.

Slides:



Advertisements
Similar presentations
Intro to WinHex CSC 414.
Advertisements

Peripheral Storage Devices
Lesson 9 Types of Storage Devices.
Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
Types Of Storage Device
Operating Systems File Management.
Text Searches Slack Space Unallocated Space
SEMINAR ON FILE SLACK AND DISK SLACK
Threats to privacy in the forensic analysis of database systems Patrick Stahlberg, Gerome Miklau, and Brian Neil Levine Department of Computer Science.
Computer Forensics BACS 371
1 X-Ways Security: Permanent Erasure Supervised By: Dr. Lo’ai Tawalbeh Prepared By :Murad M. Ali.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
File System Analysis.
Digital Forensics Module 11 CS /26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.
1 CSCD 496 Computer Forensics Lecture 7 File Systems – Windows Winter 2010.
Basic File Recovery Techniques BACS 371 Computer Forensics.
Storage device.
Files & Partitions BACS 371 Computer Forensics. Data Hierarchy Computer Hard Disk Drive Partition File Physical File Logical File Cluster Sector Word.
 What is electronic data?  Information stored electronically, e.g. pictures, music, documents, etc.  Where can you store your data?  Cell phones 
Chapter 4 Operating Systems and File Management. 4 Chapter 4: Operating Systems and File Management 2 Chapter Contents  Section A: Operating System Basics.
Computer System Basics 2 Hard Drive Storage & File Partitions Computer Forensics BACS 371.
Course ILT Folder and file management Unit objectives Explore the contents of a hard disk and view file and folder attributes by using Windows Explorer.
PC Maintenance: Preparing for A+ Certification Chapter 29: Managing Files.
®® Microsoft Windows 7 for Power Users Tutorial 5 Comparing Windows 7 File Systems.
BACS 371 Computer Forensics
Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems David Goldschmidt, Ph.D.
 Identify problems that can occur if hardware is not properly maintained.  Identify routine maintenance that can be preformed by users.  Identify maintenance.
Data Recovery Techniques Florida State University CIS 4360 – Computer Security Fall 2006 December 6, 2006 Matthew Alberti Horacesio Carmichael.
Bits, Bytes, Files, Hard Drives. Bits, Bytes, Letters and Words ● Bit – single piece of information ● Either a 0 or a 1 ● Byte – 8 bits of information.
C HAPTER 7 Managing Disk and File System. I NTRODUCING DISK MANAGEMENT 2 types of hard disk storage supported by Windows XP are: basic hard disk & dynamic.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 4: Organizing a Disk for Data.
File System Implementation Chapter 12. File system Organization Application programs Application programs Logical file system Logical file system manages.
File Systems Dr John Cowell phones off (please). Q 1 Which of the following statements about NTFS is NOT true? a) NTFS uses 64 bit addressing. b) Supports.
Chapter 3 Partitioning Drives using NTFS and FAT32 Prepared by: Khurram N. Shamsi.
Lesson 12: Using the Recycle Bin deleting files or folders what the Recycle Bin is restoring files from the Recycle Bin emptying the Recycle Bin identifying.
File Storage Organization The majority of space on a device is reserved for the storage of files. When files are created and modified physical blocks are.
By Wendell. Vocabulary  Cable management  Corona wire  Cookie  Defragmentation  Ergonomic keyboard  Fragmentation  Maintenance  Recycle bin 
DISK THEORY. Disk Theory n How information is stored on disk n How we can take advantage of that when bad things happen.
1 Floppy Drive Formatting ©Richard Goldman February, 2001.
DELETING TEMPORARY FILES 1.Click “Start” -> “Search” -> “All Files and Folder”. 2.In “All or Part of the file name” box enter “*.tmp” and click “Search”.
A disk drive is made up of a platter, an arm with a read/write head at the end of it, some gizmo to move the arm back and forth, and some electronics to.
CE Operating Systems Lecture 17 File systems – interface and implementation.
CS101 Storage Information Storage The zeros and ones in the input devices, output devices and process devices are in _______ form and are lost when the.
UNIX File System (UFS) Chapter Five.
Lesson 20: Managing Local Storage MOAC : Configuring Windows 8.1.
11.1 Silberschatz, Galvin and Gagne ©2005 Operating System Principles 11.5 Free-Space Management Bit vector (n blocks) … 012n-1 bit[i] =  1  block[i]
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 File Systems September 22, 2008.
COEN 252: Computer Forensics Hard Drive Evidence.
Disk storage systems Question#1 (True/False) A track is divided into multiple units called sectors.
Chapter 8 File Systems FAT 12/16/32. Defragmentation Defrag a hard drive – Control Panel  System and Security  Administration tools  Defrag hard drive.
Operating systems What is an operating system? A program that: Controls hardware Controls software Creates an interface between the hardware and the user.
Hands-On Microsoft Windows Server 2008 Chapter 7 Configuring and Managing Data Storage.
Virtual Memory By CS147 Maheshpriya Venkata. Agenda Review Cache Memory Virtual Memory Paging Segmentation Configuration Of Virtual Memory Cache Memory.
Avast has always come up with the new features to stand amongst its competitors. Data Shredder is a feature which allows the user to remove or erase the.
Advanced Computer Forensics
Cleaning Up Your Hard Drive Space
Working with Disks Lesson 4.
Computer Literacy BASICS
Understanding File Management
File Management.
Forensic Concept of Data
Normal deletion Shift deletion
(Discussion and WS – Analysis of Electronic Data)
COEN 252: Computer Forensics
RDBMS Chapter 4.
Lesson 9 Types of Storage Devices.
COEN 252: Computer Forensics
Understanding Forensic Images
Digital Forensics Andrew Schierberg, Fort Mitchell Police, Schierberg LAw Jay Downs, Kenton County Police.
FAT File System.
Presentation transcript:

Computer Data Expert The following slides are from a presentation developed to support/explain a Data Forensics expert testimony. Click or hit spacebar to advance slides.

Hard Drive Data Storage Basics Bit - Byte (8 bits) Sector (512 bytes) - Cluster (4 sectors in this example) Hard Drive - as many clusters as drive geometry allows dependant on number of sectors in a cluster

When you write a file…  Starting at the “Master Boot Record” – Data is written to clusters around the hard disk into “unallocated” space. Master Boot Record

When you write a file…  Each time data is written to a cluster… – The entire cluster is marked “allocated” (occupied). UnallocatedSpace Full Cluster

When you write a file…  Each time data is written to a cluster… – The entire cluster is marked “allocated” (occupied). – Even if only one byte of data is actually used. UnallocatedSpace Entire Cluster is marked as “used” even though there is free space there is free space Full Cluster “SlackSpace”ActualData

Slack Space  This cluster is comprised of four 512-byte sectors, occupied by a file of approximately 2.5 sectors (1280 bytes) in length. File Sector Cluster

Slack Space  This cluster is comprised of four 512-byte sectors, occupied by a file of approximately 2.5 sectors (1280 bytes) in length.  The Remainder of Sector 3 and all of Sector 4 is “Slack Space.” Similar to an audio tape recording. Slack Space File Sector Cluster

When you delete files…  Multiple-step process Empty Bin (nofiles)

When you delete files…  Multiple-step process – Deleting moves files to the recycle bin Empty Bin Full Bin (containsfiles) (nofiles) FILEDELETED

When you delete files…  Multiple-step process – Deleting moves files to the recycle bin – Recycle bin must be manually emptied, with a confirmation dialog, to actually “delete” the files Delete Confirmation Dialog Empty Bin Full Bin (containsfiles) FILEDELETED

But are the files REALLY gone?  No — – But the files (data) are now in “unallocated” (unoccupied) clusters, and are available to be written over. – Although the files disappear to most users, the data remains, and is recoverable. Clusters marked “unallocated” by file system but data remains MasterBootRecord

How do you completely delete files?  Files are not fully deleted unless they are overwritten or the disk is actually “wiped.” Slack Space often includes portions of previous files Old File data Continues to exist until overwritten Sector Cluster

 A disk contains 2 files, – File 1 is 2 clusters What is file fragmentation? File 1 2 clusters

 A disk contains 2 files, – File 1 is 2 clusters – File 2 in 3 clusters What is file fragmentation? File 1 2 clusters File 2 3 clusters

 A disk contains 2 files, – File 1 is 2 clusters – File 2 in 3 clusters  File 1, a 2-cluster file, is deleted What is file fragmentation? 2 clusters become available File 2

 A disk contains 2 files, – File 1 is 2 clusters – File 2 in 3 clusters  File 1, a 2-cluster file, is Deleted  File 3, a 5-cluster file, is Saved – File 3 now exists in two file fragments What is file fragmentation? File 3 File 2 2 clusters 3 clusters FRAGMENTATION

Writing a file to a fragmented HDD  After use, fewer and fewer contiguous clusters remain. Most new files are saved with fragmentation, and disk fragmentation increases over time, while old file data remains in unallocated space. MasterBootRecord Old/Existing File Data New files are rarely in contiguous clusters as drive becomes fragmented.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.