Lesson 5: Working with Windows and CLI Systems Flashcards
Alternate data streams: A feature of the NTFS file system that allows attaching hidden streams of data to files. Example: An executable file with an alternate data stream containing malicious code.
American Standard Code for Information Interchange (ASCII): A character encoding standard for electronic communication. Example: A text file encoded in ASCII format.
Areal density: The number of bits that can be stored in a given area of a storage medium. Example: A hard drive with a high areal density can store more data in the same physical space.
Attribute ID: A unique identifier for a file system attribute. Example: $ATTRIBUTE_LIST is an attribute ID in the NTFS file system.
Boot.ini: A configuration file used by Windows operating systems to define the boot options. Example: Changing the Boot.ini file can allow booting into different operating systems installed on the same computer.
BootSect.dos: A file created by Windows operating systems to provide compatibility with older operating systems that do not support the NTFS file system. Example: BootSect.dos is used by Windows to boot a computer that has a dual-boot configuration with an older operating system installed.
Bootstrap process: The initial process of loading an operating system into memory and preparing it for execution. Example: The BIOS bootstrap process loads the boot sector of the hard drive into memory and hands over control to the operating system.
Clusters: A unit of disk space allocation used by file systems. Example: A file that is 20KB in size may occupy two 16KB clusters on a file system with a cluster size of 16KB.
Cylinder: A group of tracks on a hard drive that are located at the same radial position. Example: A hard drive with 8 cylinders may have 16 tracks per cylinder, resulting in a total of 128 tracks.
Data runs: A sequence of contiguous clusters that belong to a file. Example: A 10MB file may have data runs spanning multiple clusters on a file system.
Device drivers: Software programs that allow the operating system to communicate with hardware devices. Example: A video card driver that enables the operating system to display graphics on a monitor.
Drive slack: The unused space between the end of the file and the end of the last cluster occupied by the file. Example: A 5KB file that occupies a 16KB cluster on a file system will have 11KB of drive slack.
Encrypting File System (EFS): A feature in Windows operating systems that provides encryption for files and folders. Example: A user can encrypt a sensitive file using EFS to protect it from unauthorized access.
File Allocation Table (FAT): A file system used by early versions of Windows operating systems. Example: A USB drive formatted with the FAT file system can be used on different computers running Windows.
File slack: The unused space between the end of a file and the end of the last sector occupied by the file. Example: A 5KB file that occupies a 4KB sector on a file system will have 3KB of file slack.
File system: A method used by operating systems to organize and manage files on a storage device. Example: FAT and NTFS are file systems used by Windows operating systems.
Geometry: A parameter that defines the physical layout of a storage device. Example: A hard drive geometry may be described as 16 heads, 8 cylinders, and 128 sectors per track.
Hal.dll: A file in Windows operating systems that provides hardware abstraction layer functions. Example: Hal.dll may be corrupted, resulting in a Blue Screen of Death error.
Head: A component of a hard drive that reads and writes data on a platter. Example: A hard drive with 8 heads may have 8
What does CHS stand for?
Cylinder, Head, Sector
Zone bit recording is how disk manufacturers ensure that a platter’s outer tracks store as much data as possible. True or False?
True
Areal density refers to which of the following?
Number of bits per square inch of a disk platter
Clusters in Windows always begin numbering at what number?
2
How many sectors are typically in a cluster on a disk drive?
8 or more
List three items stored in the FAT database.
Cluster allocation information, file allocation information, root directory information
What does the Ntuser.dat file contain?
User-specific configuration settings
In FAT32, a 123 KB file uses how many sectors?
4
What is the space on a drive called when a file is deleted? (Choose all that apply.)
Unallocated space, free space
List two features NTFS has that FAT does not.
Support for file encryption, support for larger partition sizes
What does MFT stand for?
Master File Table
In NTFS, files smaller than 512 bytes are stored in the MFT. True or False?
True
In Windows 7 and later, how much data from RAM is loaded into RAM slack on a disk drive?
64KB
What’s a virtual cluster number?
A logical cluster number that refers to a cluster number in a sparse file
Why was EFI boot firmware developed?
To replace the traditional BIOS firmware
Device drivers contain what kind of information?
Instructions for how to communicate with specific hardware devices
Which of the following Windows 8 files contains user-specific information?
Ntuser.dat
Virtual machines have which of the following limitations when running on a host computer?
Virtual machines are limited to the host computer’s peripheral configurations, such as mouse, keyboard, CD/DVD drives, and other devices.
An image of a suspect drive can be loaded on a virtual machine. True or False?
True
EFS can encrypt which of the following?
Files, folders, and volumes