Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Published byAnna Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations."— Presentation transcript:

1 Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations

2 © Pearson Education Computer Forensics: Principles and Practices 2 Objectives Define and recognize an operating system Identify the different types of operating system interfaces Identify the different components of an operating system Understand and identify the different file systems

3 © Pearson Education Computer Forensics: Principles and Practices 3 Objectives (Cont.) Understand the OSI and TCP models Understand the basics of how data is transmitted on networks

4 © Pearson Education Computer Forensics: Principles and Practices 4 Introduction Hardware and software work together to run the computer. It is important to understand what operating system you are dealing with, in order to understand how and where data is stored on the storage device(s). This chapter provides this foundation, along with how data is communicated from host to host across a network.

5 © Pearson Education Computer Forensics: Principles and Practices 5 What Is an Operating System? Simply stated, an operating system is a program that controls how a computer functions  OS controls how data is accessed, saved, and organized on a storage device Core of the operating system is called the kernel

6 © Pearson Education Computer Forensics: Principles and Practices 6 Operating System Functions An operating system provides:  Some type of user interface  Single-user or multiple-user access to applications  File management  Memory management  Job management  Device management  Security

7 © Pearson Education Computer Forensics: Principles and Practices 7 Types of Interfaces A user interface is the way a user communicates with the computer User interface may also be known as a shell Two major interface types:  Graphical user interface (GUI)  Command-line interface (CLI)

8 © Pearson Education Computer Forensics: Principles and Practices 8 Categories of Use Single-user systems  Designed to be used by only one user  DOS is a single-user single-tasking system  Windows is a single-user multitasking system Multiple-user systems  Allow multiple users to access the same application  Servers and UNIX/Linux are multiple-user systems

9 © Pearson Education Computer Forensics: Principles and Practices 9 File and Memory Management The OS controls reading, writing, accessing, and modification of data Basic units of file management are files and folders or directories Memory management deals with temporary storage or use of applications and data The OS controls where applications and data are stored in memory

10 © Pearson Education Computer Forensics: Principles and Practices 10 Job and Device Management Computers can execute only one instruction at a time per processor or CPU The OS controls the order in which tasks or jobs are processed The OS acts as an intermediary between application software and physical hardware The OS uses device drivers to manage hardware devices

11 © Pearson Education Computer Forensics: Principles and Practices 11 Security The primary method of security is to have the user authenticate his credentials when he logs into a system Newer operating systems are implementing rights and permissions to files and folders to increase security of OS

12 © Pearson Education Computer Forensics: Principles and Practices 12 In Practice: Iraqi Computer Disks and Hard Drives Recovered Computer disks and hard drives recovered from Iraq and Afghanistan during Saddam Hussein’s regime  2 million items including: Handwritten notes Typed documents Audiotapes Videotapes CDs, floppy disks, and hard drives

13 © Pearson Education Computer Forensics: Principles and Practices 13 Common Operating Systems DOS Windows Linux UNIX Macintosh

14 © Pearson Education Computer Forensics: Principles and Practices 14 DOS and Windows 3.X DOS was one of the first personal computer operating systems Command-line interface required users to know DOS commands and syntax Windows 3.1 was the first stable GUI from Microsoft Windows 3.1 was an application on top of DOS rather than a true operating system Windows 3.11 added network capability

15 © Pearson Education Computer Forensics: Principles and Practices 15 Windows 95 and Windows 98 Windows 95 innovations include  Plug and play  Registry  Network and Internet capability Windows 98 enhancements include  Power management features  Upgrade capability via the Internet  Automated registry checks and repairs  Upgraded plug and play support

16 © Pearson Education Computer Forensics: Principles and Practices 16 Windows NT Windows NT (New Technology) innovations include:  Privileged mode, which allows NT to isolate applications so one can be shut down without affecting others  Support for multiple CPU processors  Multilayered security functions such as File and folder access protection via permissions Network share protection and auditing capability Use of domain controllers

17 © Pearson Education Computer Forensics: Principles and Practices 17 Windows 2000 Windows 2000 based on NT technology with some improvements in the areas of security and networking:  Group policies  Secure authentication  File encryption

18 © Pearson Education Computer Forensics: Principles and Practices 18 Windows XP Same kernel as Windows 2000 New GUI, simple firewall, remote control access, and increased speed of OS Versions: XP Home, XP Professional Server versions: Server 2003 XP Home is the upgrade path from Windows ME

19 © Pearson Education Computer Forensics: Principles and Practices 19 Linux Linux is a relatively new OS based on the UNIX OS Linux advantages:  Free or inexpensive  Can run on older equipment  Can run a multitude of hardware platforms  Fast and stable

20 © Pearson Education Computer Forensics: Principles and Practices 20 UNIX Most operating systems can trace their roots to UNIX Two main “camps” in the UNIX world:  Berkeley Software Distribution (BSD)  System V Release 4 (SVR4) UNIX is a true multiuser multitasking OS designed with security in mind UNIX can use either a CLI or GUI

21 © Pearson Education Computer Forensics: Principles and Practices 21 Macintosh Macintosh was the first stable GUI and still the most intuitive GUI on the market Initial Apple philosophy was tight control over hardware and software Recently Apple changed processors which allows a Mac to also run Windows XP

22 © Pearson Education Computer Forensics: Principles and Practices 22 Common File System Types Function of a file system is to manage files and folders on a system The OS performs the following to help with this:  Partitions and formats storage devices  Creates a standard for naming files and folders  Maintains the integrity of files and folders  Provides for error recovery  Provides for security of the file system

23 © Pearson Education Computer Forensics: Principles and Practices 23 Common File System Types (Cont.) FAT (file allocation table) file system  File allocation table is a directory the OS uses to keep track of where files are  Root directory is the top directory on a FAT system FAT16  Uses 16 bits in the file allocation table  Uses the 3-character extension to identify file type  Can assign attributes to files and folders

24 © Pearson Education Computer Forensics: Principles and Practices 24 Common File System Types (Cont.) FAT 32  Expands the capabilities of FAT 16  Designed to accommodate large hard drives  Designed to use space more efficiently  2 terabyte limit on partition size  4GB file size (double FAT 16)

25 © Pearson Education Computer Forensics: Principles and Practices 25 Common File System Types (Cont.) NTFS (New Technology File System) introduced the following features:  Long file name support  Ability to handle large storage devices  Built-in security controls  POSIX support  Volume striping  File compression  Master file table (MFT)

26 © Pearson Education Computer Forensics: Principles and Practices 26 Common File System Types (Cont.) UNIX/Linux  Can handle many different file systems  UNIX file system (UFS) is most native format  Extended file system (EXT) is primarily used by Linux  UNIX uses inodes, clearinghouses of information about files on UNIX systems  To access the actual file system, a superblock is created

27 © Pearson Education Computer Forensics: Principles and Practices 27 OSI Model Standard was needed for companies to communicate with each other via their computer systems OSI model released in 1984 Created by the International Organization for Standardization (ISO) OSI model breaks down complexity of data communications into a simple layered approach

28 © Pearson Education Computer Forensics: Principles and Practices 28 OSI Model (Cont.) Advantages of layered approach:  Different hardware/software vendors have a standard to follow for designing products  Collaboration between companies to develop network components is easier  Changes in one layer are not carried over into other layers  Network design is broken down into smaller, more manageable parts  Problem resolution is easier because problems are usually confined to a single layer

29 © Pearson Education Computer Forensics: Principles and Practices 29 OSI Model (Cont.) Layer 7: Application layer functions  Allows access to network services that support applications  Handles network access, flow control, and error recovery Layer 6: Presentation layer functions  Converts all formats into a common uniform format  Protocol and character conversion  Encryption/decryption

30 © Pearson Education Computer Forensics: Principles and Practices 30 OSI Model (Cont.) Layer 5: Session layer functions  Establishes identification to exclude non- communicating hosts  Establishes checkpoints  Manages data transmit times and length Layer 4: Transport layer functions  Regulates flow control  Uses acknowledgements  Enables error handling

31 © Pearson Education Computer Forensics: Principles and Practices 31 OSI Model (Cont.) Layer 3: Network layer functions  Logical addressing (IP addressing)  Translating logical addresses to physical addressing  Packet switching  Routing

32 © Pearson Education Computer Forensics: Principles and Practices 32 OSI Model (Cont.) Layer 2: Data link layer functions  Conversion of packets into raw bits  Error correction  Flow control Layer 1: Physical layer functions  Defines hardware standards  Transmits raw data over different mediums  Defines protocols on how to transmit raw data over different mediums

33 © Pearson Education Computer Forensics: Principles and Practices 33 OSI Model (Cont.) Data flow in the OSI model  Protocols that function at each layer on Host A communicate with the corresponding layer on Host B  Protocol data units (PDUs) are used to include header information on the packet being sent from host to host  Each layer depends on the layer below it for services, and each layer above adds PDUs via encapsulation

34 © Pearson Education Computer Forensics: Principles and Practices 34 TCP/IP Model De facto standard for communications Direct result of the Department of Defense efforts to require a protocol that could survive wartime situations and still communicate with other hosts via different communication mediums Has only four layers as compared to seven layers of OSI model

35 © Pearson Education Computer Forensics: Principles and Practices 35 TCP/IP Model (Cont.) OSI ModelTCP/IP Model Application Presentation Session Transport NetworkInternet Data Link Network Interface Physical

36 © Pearson Education Computer Forensics: Principles and Practices 36 TCP/IP Model (Cont.) Application layer combines application, presentation, and session layers of OSI model Transport layer similar to that in OSI model Internet layer corresponds to layer of same name in OSI model in form and function Network interface layer combines data link layer and physical layer of OSI model

37 © Pearson Education Computer Forensics: Principles and Practices 37 TCP/IP Model (Cont.) How data is transmitted on a network Switching networks  Packet switching  Circuit switching  Message switching

38 © Pearson Education Computer Forensics: Principles and Practices 38 Summary The operating system is the program that controls the basic functions of a computer The OS is the intermediary between the hardware and the software of a computer Two types of interfaces  Command line (CLI)  Graphical user (GUI)

39 © Pearson Education Computer Forensics: Principles and Practices 39 Summary (Cont.) Functions basic to an OS:  File management  Memory management  Job management  Device management  Security management There are a variety of operating systems:  Windows, UNIX/Linux, Macintosh, DOS

40 © Pearson Education Computer Forensics: Principles and Practices 40 Summary (Cont.) Various file systems are used:  FAT16, FAT32, NTFS, EXT, UFS, etc. OSI model standardized the method of transmitting data on a network using a seven- layer approach  Application, presentation, session, transport, network, data link, and physical

41 © Pearson Education Computer Forensics: Principles and Practices 41 Summary (Cont.) TCP/IP model consists of four layers:  Application, transport, Internet, network interface  De facto standard on the Internet Two address schemes are used to transmit data across networks  Logical addressing  Physical addressing

Download ppt "Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations."

Similar presentations

Operating-System Structures

Operating-System Structures
COMPUTERS: TOOLS FOR AN INFORMATION AGE Chapter 3 Operating Systems.

COMPUTERS: TOOLS FOR AN INFORMATION AGE Chapter 3 Operating Systems.
Operating System Structures

Operating System Structures
OSI Model OSI MODEL.

OSI Model OSI MODEL.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Allocation Methods - Contiguous

Allocation Methods - Contiguous
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.

1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.
Operating Systems.

Operating Systems.
Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.

Installing Windows XP Professional Using Attended Installation Slide 1 of 41Session 2 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
OIS Model TCP/IP Model.

OIS Model TCP/IP Model.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
AN INTRODUCTION TO LINUX OPERATING SYSTEM Zihui Han.

AN INTRODUCTION TO LINUX OPERATING SYSTEM Zihui Han.
Operating System.

Operating System.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.

Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
Week 6 Operating Systems.

Week 6 Operating Systems.
Section 6.1 Explain the development of operating systems Differentiate between operating systems Section 6.2 Demonstrate knowledge of basic GUI components.

Section 6.1 Explain the development of operating systems Differentiate between operating systems Section 6.2 Demonstrate knowledge of basic GUI components.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Lesson 4 Computer Software

Lesson 4 Computer Software

Similar presentations

Ads by Google