MODULE 3 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards
Disk Operating System
The first computers did not have modern storage devices such as hard drives, optical drives, or flash storage.
The first storage methods used punch cards, paper tape, magnetic tape, and even audio cassettes.
Floppy disk and hard disk storage require software to read from, write to, and manage the data that they store.
The Disk Operating System (DOS) is an operating system that the computer uses to enable these data storage devices to read and write files.
DOS provides a file system which organizes the files in a specific way on the disk.
Microsoft bought DOS and developed MS-DOS.
MS-DOS used a command line as the interface for people to create programs and manipulate data files, as shown in the command output. DOS commands are shown in bold text.
https://snipboard.io/12QA0e.jpg
With MS-DOS, the computer had a basic working knowledge of how to access the disk drive and load the operating system files directly from disk as part of the boot process.
When it was loaded, MS-DOS could easily access the disk because it was built into the operating system.
Early versions of Windows consisted of a Graphical User Interface (GUI) that ran over MS-DOS, starting with Windows 1.0 in 1985.
The disk operating system still controlled the computer and its hardware. A modern operating system like Windows 10 is not considered a disk operating system.
It is built on Windows NT, which stands for “New Technologies”. The operating system itself is in direct control of the computer and its hardware. NT is an OS with support for multiple user processes.
This is very different from the single-process, single-user MS-DOS.
Today, many things that used to be accomplished through the command line interface of MS-DOS can be accomplished in the Windows GUI.
You can still experience what it was like to use MS-DOS by opening a command window, but what you see is no longer MS-DOS; it is a function of Windows.
To experience a little of what it was like to work in MS-DOS, open a command window by typing cmd in Windows Search and pressing Enter.
The table lists some commands that you can use. Enter help followed by the command to learn more about the command.
– dir
– cd directory
– cd ..
– cd \
– copy source destination
– del filename
– find
– mkdir directory
– ren oldname newname
– help
– help command
dir :
Shows a listing of all the files in the current directory (folder)
cd directory :
Changes the directory to the indicated directory
cd .. :
Changes the directory to the directory above the current directory
cd \ :
Changes the directory to the root directory (often C:)
copy source destination :
Copies files to another location
del filename :
Deletes one or more files
find :
Searches for text in files
mkdir directory :
Creates a new directory
ren oldname newname :
Renames a file
help :
Displays all the commands that can be used, with a brief description
help command :
Displays extensive help for the indicated command
Windows Versions
Since 1993, there have been more than 20 releases of Windows that are based on the NT operating system.
Most of these versions were for use by the general public and businesses because of the file security offered by the file system that was used by the NT OS.
Businesses also adopted NT OS-based Windows operating systems. This is because many editions were built specifically for workstation, professional, server, advanced server, and datacenter server, to name just a few of the many purpose-built versions.
Windows Versions :
Beginning with Windows XP, a 64-bit edition was available. The 64-bit operating system was an entirely new architecture. It had a 64-bit address space instead of a 32-bit address space. This is not simply twice the amount of space because these bits are binary numbers.
While 32-bit Windows can address a little less than 4 GB of RAM, 64-bit Windows can theoretically address 16.8 million terabytes. When the OS and the hardware all support 64-bit operation, extremely large data sets can be used.
These large data sets include very large databases, scientific computing, and manipulation of high definition digital video with special effects. In general, 64-bit computers and operating systems are backward-compatible with older, 32-bit programs, but 64-bit programs cannot be run on older, 32-bit hardware.
Windows Versions
With each subsequent release of Windows, the operating system has become more refined by incorporating more features. Windows 7 was offered with six different editions, Windows 8 with as many as five, and Windows 10 with eight different editions! Each edition not only offers different capabilities, but also different price points. Microsoft has said that Windows 10 is the last version of Windows, and that Windows has become a service rather than just an OS. They say that rather than purchasing new operating systems, users will just update Windows 10 instead.
The table lists common Windows versions.
– Windows 7
– Windows Server 2008 R2
– Windows Home Server 2011
– Windows 8
– Windows Server 2012
– Windows 8.1
– Windows Server 2012 R2
– Windows 10
– Windows Server 2016
Windows 7 :
Starter, Home Basic, Home Premium, Professional, Enterprise, Ultimate
Windows Server 2008 R2 :
Foundation, Standard, Enterprise, Datacenter, Web Server, HPC Server, Itanium-Based Systems
Windows Home Server 2011 :
None
Windows 8 :
Windows 8, Windows 8 Pro, Windows 8 Enterprise, Windows RT
Windows Server 2012 :
Foundation, Essentials, Standard, Datacenter
Windows 8.1 :
Windows 8.1, Windows 8.1 Pro, Windows 8.1 Enterprise, Windows RT 8.1
Windows Server 2012 R2 :
Foundation, Essentials, Standard, Datacenter
Windows 10 :
Home, Pro, Pro Education, Enterprise, Education, IoT Core, Mobile, Mobile Enterprise
Windows Server 2016 :
Essentials, Standard, Datacenter, Multipoint Premium Server, Storage Server, Hyper-V Server
Windows GUI :
Windows has a graphical user interface (GUI) for users to work with data files and software. The GUI has a main area that is known as the Desktop, shown in the figure.
https://snipboard.io/ySFfVb.jpg
The Desktop can be customized with various colors and background images. Windows supports multiple users, so each user can customize the Desktop to their liking.
The Desktop can store files, folders, shortcuts to locations and programs, and applications. The Desktop also has a recycle bin icon, where files are stored when the user deletes them. Files can be restored from the recycle bin or the recycle bin can be emptied of files, which truly deletes them.
At the bottom of the desktop is the Task Bar. The Task Bar has three areas that are used for different purposes. At the left is the Start menu.
It is used to access all of the installed programs, configuration options, and the search feature. At the center of the Task Bar, users place quick launch icons that run specific programs or open specific folders when they are clicked. Finally, on the right of the Task Bar is the notification area.
The notification area shows, at a glance, the functionality of many different programs and features.
For example, a blinking envelope icon may indicate new email, or a network icon with a red “x” may indicate a problem with the network.
Often, right-clicking an icon will bring up additional functions that can be used. This list is known as a Context Menu, shown in the figure.
https://snipboard.io/l8TtC6.jpg
There are Context Menus for the icons in the notification area, for quick launch icons, system configuration icons, and for files and folders.
The Context Menu provides many of the most commonly used functions by just clicking.
For example, the Context Menu for a file will contain such items as copy, delete, share, and print. To open folders and manipulate files, Windows uses the Windows File Explorer.
Operating System Vulnerabilities
Operating systems consist of millions of lines of code. Installed software can also contain millions of lines of code. With all this code comes vulnerabilities. A vulnerability is some flaw or weakness that can be exploited by an attacker to reduce the viability of a computer’s information.
To take advantage of an operating system vulnerability, the attacker must use a technique or a tool to exploit the vulnerability.
The attacker can then use the vulnerability to get the computer to act in a fashion outside of its intended design. In general, the goal is to gain unauthorized control of the computer, change permissions, or to manipulate or steal data.
The table lists some common Windows OS Security recommendations.
– Virus or malware protection
– Unknown or unmanaged services
– Encryption
– Security policy
– Firewall
– File and share permissions
– Weak or no password
– Login as Administrator
Virus or malware protection :
By default, Windows uses Windows Defender for malware protection. Windows Defender provides a suite of protection tools built into the system. If Windows Defender is turned off, the system becomes more vulnerable to attacks and malware.
Unknown or unmanaged services :
There are many services that run behind the scenes. It is important to make sure that each service is identifiable and safe. With an unknown service running in the background, the computer can be vulnerable to attack.
Encryption :
When data is not encrypted, it can easily be gathered and exploited. This is not only important for desktop computers, but especially mobile devices.
Security policy :
A good security policy must be configured and followed.
Many settings in the Windows Security Policy control can prevent attacks.
Firewall :
By default, Windows uses Windows Firewall to limit communication with devices on the network.
Over time, rules may no longer apply. For example, a port may be left open that should no longer be readily available.
It is important to review firewall settings periodically to ensure that the rules are still applicable and to remove any that no longer apply.
File and share permissions :
These permissions must be set correctly.
It is easy to just give the “Everyone” group Full Control, but this allows all people to do what they want to all files.
It is best to provide each user or group with the minimum necessary permissions for all files and folders.
Weak or no password :
Many people choose weak passwords or do not use a password at all.
It is especially important to make sure that all accounts, especially the Administrator account, have a very strong password.
Login as Administrator :
When a user logs in as an administrator, any program that they run will have the privileges of that account.
It is best to log in as a Standard User and only use the administrator password to accomplish certain tasks.
Windows Architecture and Operations
Hardware Abstraction Layer
Windows computers use many different types of hardware. The operating system can be installed on a purchased computer or on a computer that is assembled by the user.
When the operating system is installed, it must be isolated from differences in hardware. The basic Windows architecture is shown in the figure.
https://snipboard.io/06Wolj.jpg
A hardware abstraction layer (HAL) is software that handles all of the communication between the hardware and the kernel.
The kernel is the core of the operating system and has control over the entire computer. It handles all of the input and output requests, memory, and all of the peripherals connected to the computer.
In some instances, the kernel still communicates with the hardware directly, so it is not completely independent of the HAL. The HAL also needs the kernel to perform some functions.
User Mode and Kernel Mode
As identified in the figure, there are two different modes in which a CPU operates when the computer has Windows installed: the user mode and the kernel mode.
https://snipboard.io/7KXgOB.jpg
Installed applications run in user mode, and operating system code runs in kernel mode. Code that is executing in kernel mode has unrestricted access to the underlying hardware and is capable of executing any CPU instruction.
Kernel mode code can also reference any memory address directly. Kernel mode is generally reserved for the most trusted functions of the OS, and a crash in code running in kernel mode stops the operation of the entire computer.
Conversely, programs such as user applications run in user mode and have no direct access to hardware or memory locations. User mode code must go through the operating system to access hardware resources.
Because of the isolation provided by user mode, crashes in user mode are restricted to the application only and are recoverable.
Most of the programs in Windows run in user mode. Device drivers, pieces of software that allow the operating system and a device to communicate, may run in either kernel or user mode, depending on the driver.
All of the code that runs in kernel mode uses the same address space. Kernel-mode drivers have no isolation from the operating system.
If an error occurs with the driver running in kernel mode, and it writes to the wrong address space, the operating system or another kernel-mode driver could be adversely affected.
In this respect, the driver might crash, causing the entire operating system to crash.
When user mode code runs, it is granted its own restricted address space by the kernel, along with a process created specifically for the application.
The reason for this functionality is mainly to prevent applications from changing operating system code that is running at the same time.
By having its own process, that application has its own private address space, rendering other applications unable to modify the data in it.
This also helps to prevent the operating system and other applications from crashing if that application crashes.
Windows File Systems :
A file system is how information is organized on storage media. Some file systems may be a better choice to use than others, depending on the type of media that will be used.
The table lists the file systems that Windows supports.
– exFAT
– Hierarchical File System Plus (HFS+)
– Extended File System (EXT)
– New Technology File System (NTFS)
exFAT :
This is a simple file system supported by many different operating systems.
FAT has limitations to the number of partitions, partition sizes, and file sizes that it can address, so it is not usually used for hard drives (HDs) or solid-state drives (SSDs) anymore.
Both FAT16 and FAT32 are available to use, with FAT32 being the most common because it has many fewer restrictions than FAT16.
Hierarchical File System Plus (HFS+) :
This file system is used on Mac OS X computers and allows much longer filenames and much larger file and partition sizes than previous file systems.
Although it is not supported by Windows without special software, Windows is able to read data from HFS+ partitions.
Extended File System (EXT) :
This file system is used with Linux-based computers. Although it is not supported by Windows, Windows is able to read data from EXT partitions with special software.
New Technology File System (NTFS) :
This is the most commonly used file system when installing Windows. All versions of Windows and Linux support NTFS. Mac OS X computers can only read an NTFS partition. They are able to write to an NTFS partition after installing special drivers. NTFS is the most widely used file system for Windows for many reasons.
NTFS supports very large files and partitions and it is very compatible with other operating systems. NTFS is also very reliable and supports recovery features.
Most importantly, it supports many security features. Data access control is achieved through security descriptors. These security descriptors contain file ownership and permissions all the way down to the file level.
NTFS also tracks many time stamps to track file activity. Sometimes referred to as MACE, the timestamps Modify, Access, Create, and Entry Modified are often used in forensic investigations to determine the history of a file or folder.
NTFS also supports file system encryption to secure the entire storage media.
Before a storage device such as a disk can be used, it must be formatted with a file system. In turn, before a file system can be put into place on a storage device, the device needs to be partitioned.
A hard drive is divided into areas called partitions.
Each partition is a logical storage unit that can be formatted to store information, such as data files or applications.
During the installation process, most operating systems automatically partition and format the available drive space with a file system such as NTFS.
NTFS formatting creates important structures on the disk for file storage, and tables for recording the locations of files:
– Partition Boot Sector
– Master File Table (MFT)
– System Files
– File Area
Partition Boot Sector :
This is the first 16 sectors of the drive. It contains the location of the Master File Table (MFT). The last 16 sectors contain a copy of the boot sector.
Master File Table (MFT) :
This table contains the locations of all the files and directories on the partition, including file attributes such as security information and timestamps.
System Files :
These are hidden files that store information about other volumes and file attributes.
File Area :
The main area of the partition where files and directories are stored.
Note: When formatting a partition, the previous data may still be recoverable because not all the data is completely removed.
The free space can be examined, and files can be retrieved which can compromise security. It is recommended to perform a secure wipe on a drive that is being reused.
The secure wipe will write data to the entire drive multiple times to ensure there is no remaining data.
Alternate Data Streams :
NTFS stores files as a series of attributes, such as the name of the file, or a timestamp. The data which the file contains is stored in the attribute $DATA, and is known as a data stream.
By using NTFS, you can connect Alternate Data Streams (ADSs) to the file.
This is sometimes used by applications that are storing additional information about the file. The ADS is an important factor when discussing malware.
This is because it is easy to hide data in an ADS. An attacker could store malicious code within an ADS that can then be called from a different file.
In the NTFS file system, a file with an ADS is identified after the filename and a colon, for example, Testfile.txt:ADS.
This filename indicates an ADS called ADS is associated with the file called Testfile.txt. An example of ADS is shown in the command output.
https://snipboard.io/Zy2qLW.jpg
In the output: The first command places the text “Alternate Data Here” into an ADS of the file Testfile.txt called “ADS”. After that, dir shows that the file was created, but the ADS is not visible.
The next command shows that there is data in the Testfile.txt:ADS data stream. The last command shows the ADS of the Testfile.txt file because the /r switch was used with the dir command.
Windows Boot Process :
Many actions occur between the time that the computer power button is pressed and Windows is fully loaded, as shown in the figure. This is known as the Windows Boot process.
https://snipboard.io/5e4t9y.jpg
Two types of computer firmware exist:
– Basic Input-Output System (BIOS)
– Unified Extensible Firmware Interface (UEFI)
Basic Input-Output System (BIOS) :
BIOS firmware was created in the early 1980s and works in the same way it did when it was created.
As computers evolved, it became difficult for BIOS firmware to support all the new features requested by users.
Unified Extensible Firmware Interface (UEFI) :
UEFI was designed to replace BIOS and support the new features.
In BIOS firmware, the process begins with the BIOS initialization phase.
This is when hardware devices are initialized and a power-on self-test (POST) is performed to make sure all of these devices are communicating.
When the system disk is discovered, the POST ends. The last instruction in the POST is to look for the master boot record (MBR).
The MBR contains a small program that is responsible for locating and loading the operating system.
The BIOS executes this code and the operating system starts to load. In contrast to BIOS firmware, UEFI firmware has a lot of visibility into the boot process.
UEFI boots by loading EFI program files, stored as .efi files in a special disk partition, known as the EFI System Partition (ESP).
Note: A computer that uses UEFI stores boot code in the firmware. This helps to increase the security of the computer at boot time because the computer goes directly into protected mode.
Whether the firmware is BIOS or UEFI, after a valid Windows installation is located, the Bootmgr.exe file is run. Bootmgr.exe switches the system from real mode to protected mode so that all of the system memory can be used. Bootmgr.exe reads the Boot Configuration Database (BCD).
The BCD contains any additional code needed to start the computer, along with an indication of whether the computer is coming out of hibernation, or if this is a cold start.
If the computer is coming out of hibernation, the boot process continues with Winresume.exe. This allows the computer to read the Hiberfil.sys file, which contains the state of the computer when it was put into hibernation.
If the computer is being booted from a cold start, then the Winload.exe file is loaded. The Winload.exe file creates a record of the hardware configuration in the registry.
The registry is a record of all of the settings, options, hardware, and software the computer has. The registry will be explored in depth later in this chapter.
Winload.exe also uses Kernel Mode Code Signing (KMCS) to make sure that all drivers are digitally signed. This ensures that the drivers are safe to load as the computer starts.
After the drivers have been examined, Winload.exe runs Ntoskrnl.exe which starts the Windows kernel and sets up the HAL.
Finally, the Session Manager Subsystem (SMSS) reads the registry to create the user environment, start the Winlogon service, and prepare each user’s desktop as they log on.
Windows Startup :
There are two important registry items that are used to automatically start applications and services:
– HKEY_LOCAL_MACHINE
– HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE :
Several aspects of Windows configuration are stored in this key, including information about services that start with each boot.
HKEY_CURRENT_USER :
Several aspects related to the logged in user are stored in this key, including information about services that start only when the user logs on to the computer.
Different entries in these registry locations define which services and applications will start, as indicated by their entry type.
These types include Run, RunOnce, RunServices, RunServicesOnce, and Userinit. These entries can be manually entered into the registry, but it is much safer to use the Msconfig.exe tool.
This tool is used to view and change all of the start-up options for the computer. Use the search box to find and open the Msconfig tool. The Msconfig tool opens the System Configuration window.
There are five tabs which contain the configuration options.
– General
– Boot
– Services
– Startup
– Tools
General :
Three different startup types can be chosen here. Normal loads all drivers and services. Diagnostic loads only basic drivers and services. Selective allows the user to choose what to load on startup.
https://snipboard.io/0l2CP7.jpg
Boot :
Any installed operating system can be chosen here to start. There are also options for Safe boot, which is used to troubleshoot startup.
https://snipboard.io/VwGAJt.jpg
Services :
All the installed services are listed here so that they can be chosen to start at startup.
https://snipboard.io/yhOItm.jpg