MS-DOS / PC-DOS CSC414 Forensic Overview -...

2
CSC414 Computer System Fundamentals THINK BIG WE DO U R I http://www.forensics.cs.uri.edu Digital Forensics Center Department of Computer Science and Statics Forensic Overview: MS-DOS and Windows 3.11 Forensic Overview: MS-DOS and Windows 3.11 MS-DOS / PC-DOS Microsoft Disk Operating System - PC-DOS was IBM's version for its PC Programs usually self-contained - Programs were segregated - Program files in a single directory - Copy program directory to another system and run it Boot Disks only need three files - command.com - config.sys - io.sys MS-DOS / PC-DOS Single user system - Only one program could run at a time - Terminate and stay resident (TSR) programs were an exception - Utilities, viruses, key-loggers Simple Operating System Environment - No shared device drivers - Device drivers integrated in to programs - No shared .dll files (Dynamically Linked Library) - No Windows registry - Each program used a .ini or .cfg file MS-DOS / PC-DOS File names limited to 8 characters with 3 character extension - No strong association between file extension and type - Users could use extension for filename or initials - Could not search for .doc for *all* documents Some common applications - Lotus 1-2-3, Microsoft Multiplan - Word Perfect, Microsoft Word MS-DOS / PC-DOS Digital Forensics didn't exist - No special forensics tools - Had to relay on system tools and programs - UNDELETE, UNFORMAT - BACKUP, RESTORE - Commercial tools were repurposed - Norton Utilities - DiskEdit and Unerase - Disk compression was an issue - DoubleSpace, DRVSPACE, Stacker Windows 3.11 Provided a GUI interface to DOS - Not it's own operating system - GUI replaces command line interface - Icons were short-cuts to programs - Files represented as icons or graphics - Intermediary between user and operating system - GUI translates clicks and drags into DOS commands - DOS command line still available - Examining system HARDWARE MS-DOS Windows 3.11

Transcript of MS-DOS / PC-DOS CSC414 Forensic Overview -...

Page 1: MS-DOS / PC-DOS CSC414 Forensic Overview - …homepage.cs.uri.edu/~thenry/csc414/30_DOS_To_Win3_TOC.pdf-command.com-config.sys-io.sys MS-DOS / PC-DOS Single user system-Only one program

CSC414ComputerSystemFundamentals

THINK BIG WE DO

U R Ihttp://www.forensics.cs.uri.edu

Digital Forensics CenterDepartment of Computer Science and Statics

Forensic Overview:MS-DOS

and Windows 3.11

Forensic Overview:MS-DOS

and Windows 3.11

MS-DOS / PC-DOSMicrosoft Disk Operating System

- PC-DOS was IBM's version for its PC

Programs usually self-contained- Programs were segregated- Program files in a single directory- Copy program directory to another

system and run it

Boot Disks only need three files- command.com- config.sys- io.sys

MS-DOS / PC-DOSSingle user system

- Only one program could run at a time

- Terminate and stay resident (TSR) programs were an exception- Utilities, viruses, key-loggers

Simple Operating System Environment

- No shared device drivers- Device drivers integrated in to programs

- No shared .dll files (Dynamically Linked Library)

- No Windows registry- Each program used a .ini or .cfg file

MS-DOS / PC-DOSFile names limited to 8 characters with 3 character extension

- No strong association between file extension and type

- Users could use extension for filename or initials - Could not search for .doc for *all*

documents

Some common applications- Lotus 1-2-3, Microsoft Multiplan

- Word Perfect, Microsoft Word

MS-DOS / PC-DOSDigital Forensics didn't exist

- No special forensics tools- Had to relay on system tools and

programs

- UNDELETE, UNFORMAT

- BACKUP, RESTORE

- Commercial tools were repurposed- Norton Utilities

- DiskEdit and Unerase

- Disk compression was an issue- DoubleSpace, DRVSPACE, Stacker

Windows 3.11Provided a GUI interface to DOS

- Not it's own operating system

- GUI replaces command line interface

- Icons were short-cuts to programs

- Files represented as icons or graphics

- Intermediary between user and operating system- GUI translates clicks and drags into DOS

commands

- DOS command line still available- Examining system

HARDWARE

MS-DOS

Windows 3.11

Timothy Henry
00:00
Timothy Henry
00:18
Timothy Henry
Timothy Henry
01:18
Timothy Henry
02:36
Timothy Henry
03:30
Timothy Henry
04:49
Page 2: MS-DOS / PC-DOS CSC414 Forensic Overview - …homepage.cs.uri.edu/~thenry/csc414/30_DOS_To_Win3_TOC.pdf-command.com-config.sys-io.sys MS-DOS / PC-DOS Single user system-Only one program

Windows 3.xFile Manager not integrated

- Separate program

DLL's introduced- Dynamic Link Library- Files common to Windows programs

- how to draw windows and menus

- Cannot simply copy application directory from one system to another an have it run (some did)- Missing DLL's caused errors and prevent

programs from running

- Common system-wide device drivers

Windows 3.xForensic Issues

- Issues mostly the same as DOS

User Specific Information- Desktop and preferences for users

- users create shortcuts for regularly used programs

- favorite groups of programs

- user preferences of activities

Virtual Memory Implemented- Evidence of recent computer activity

- Swap file located at- c:\windows\win386.swp

- Program information and data left in memory

Early Internet access- Gopher

- FTP

THINK BIG WE DO

U R Ihttp://www.forensics.cs.uri.edu

Digital Forensics CenterDepartment of Computer Science and Statics

Forensic Overview:MS-DOS and

Windows 3.11

Forensic Overview:MS-DOS and

Windows 3.11

Timothy Henry
05:36
Timothy Henry
06:53
Timothy Henry
07:58
Timothy Henry
Timothy Henry

Chapter 1 Introduction - homepage.cs.uri.edu · 1.3 Objectives In this study, ... Chapter 6 concludes the thesis with a summary and discussion of its contributions and limitations,

Chapter 1 Introduction - homepage.cs.uri.edu · 1.3 Objectives In this study, ... Chapter 6 concludes the thesis with a summary and discussion of its contributions and limitations,

34 Windows Registry - University of Rhode Island › ~thenry › csc414 › 34... · REG_NONE No Type just raw bytes REG_BINARY Binary binary data value REG_DWORD Double Word four

34 Windows Registry - University of Rhode Island › ~thenry › csc414 › 34... · REG_NONE No Type just raw bytes REG_BINARY Binary binary data value REG_DWORD Double Word four

Rosa dos Tempos Rosa dos Ventos

Rosa dos Tempos Rosa dos Ventos

Influncia Dos Factores Do Meio No Comportamento Dos

Influncia Dos Factores Do Meio No Comportamento Dos

MORTADELO Y FILEMON -DOS TOPOS Y DOS BERBERECHOS

MORTADELO Y FILEMON -DOS TOPOS Y DOS BERBERECHOS

Dos à Dos. Proyecto de creación condicionada. Parte primera

Dos à Dos. Proyecto de creación condicionada. Parte primera

In Vertebra Dos dos Prof.fabio

In Vertebra Dos dos Prof.fabio

STORES/MLS JCBA HIGHLIGHTS - TWU-IAM Association · 2020-03-10 · STORES/MLS $1.60 $1.90 $1.95 $2.00 $2.00 $2.05. IAMNPF Monthly Multiplier Current DOS DOS +12 DOS +24 DOS +36 DOS

STORES/MLS JCBA HIGHLIGHTS - TWU-IAM Association · 2020-03-10 · STORES/MLS $1.60 $1.90 $1.95 $2.00 $2.00 $2.05. IAMNPF Monthly Multiplier Current DOS DOS +12 DOS +24 DOS +36 DOS

Chapter Sixteen: Turing Machines - homepage.cs.uri.edu · Turing Machine (TM) • Input is a tape with one symbol at each position • Tape extends infinitely in both directions •

Chapter Sixteen: Turing Machines - homepage.cs.uri.edu · Turing Machine (TM) • Input is a tape with one symbol at each position • Tape extends infinitely in both directions •

CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.

CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.

Perceptron Learning - homepage.cs.uri.edu · Perceptron Learning Observations: The inherent assumption is that D is linearly separable, that is, a hyperplane can be found that perfectly

Perceptron Learning - homepage.cs.uri.edu · Perceptron Learning Observations: The inherent assumption is that D is linearly separable, that is, a hyperplane can be found that perfectly

OS DETERMINANTES DOS HONORÁRIOS DOS …...complexidade dos clientes são os principais determinantes dos honorários cobrados. Outras investigações indicam que o mercado paga maiores

OS DETERMINANTES DOS HONORÁRIOS DOS …...complexidade dos clientes são os principais determinantes dos honorários cobrados. Outras investigações indicam que o mercado paga maiores

ECOLOGIA POPULACIONAL DOS AMPHIPODA (CRUSTACEA) DOS FITAIS DE

ECOLOGIA POPULACIONAL DOS AMPHIPODA (CRUSTACEA) DOS FITAIS DE

SAP, dos, dos, race conditions => rce - CONFidence 20162016.confidence.org.pl/media/...Yudin_-_SAP_dos_dos_race_conditions... · SAP, dos, dos, race conditions => rce Dmitry Chastuhin,

SAP, dos, dos, race conditions => rce - CONFidence 20162016.confidence.org.pl/media/...Yudin_-_SAP_dos_dos_race_conditions... · SAP, dos, dos, race conditions => rce Dmitry Chastuhin,

Comandos Basicos Dos (Ms-dos)

Comandos Basicos Dos (Ms-dos)

A Função dos Modificadores dos Leucotrienos no tratamento ... · 0 zileuton (inibidor da sintese dos leucotrienos) e o zafirlukast (antagonista dos receptores) foram recentemente

A Função dos Modificadores dos Leucotrienos no tratamento ... · 0 zileuton (inibidor da sintese dos leucotrienos) e o zafirlukast (antagonista dos receptores) foram recentemente

Relatorio Simplificado Dos Contributos Dos Formandos Nos Workshops

Relatorio Simplificado Dos Contributos Dos Formandos Nos Workshops

CSC414 “Introduction to UNIX/ Linux” Lecture 3. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.

CSC414 “Introduction to UNIX/ Linux” Lecture 3. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.

Los Dos La Re Dos

Los Dos La Re Dos

Cur Sode Electro Dos Re Vest i Dos

Cur Sode Electro Dos Re Vest i Dos