1 / 20

Computer Forensics BACS 371

Computer Forensics BACS 371. Computer System Basics 2 Hard Drive Storage & File Partitions. Computer System Basics 2. Hardware Disk Drives Formatting Data Storage File Partitions File Systems introduction. Hardware. Disk Drives Formatting Low-Level Formatting High-Level Formatting

arlais
Download Presentation

Computer Forensics BACS 371

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer ForensicsBACS 371 Computer System Basics 2 Hard Drive Storage & File Partitions

  2. Computer System Basics 2 • Hardware • Disk Drives • Formatting • Data Storage • File Partitions • File Systems introduction

  3. Hardware • Disk Drives • Formatting • Low-Level Formatting • High-Level Formatting • Data Storage • Encoded Bit • Byte • Word • Sector • Cluster • File

  4. Hard Disk Drives

  5. Hard Disk DriveSectors and Clusters

  6. Disk Drive & Misc Hardware Videos Details about how a hard drive works (apx 3:20) http://www.youtube.com/watch?v=kdmLvl1n82U See hard drive running and accessing (apx 1:40) http://www.youtube.com/watch?v=4sz4VHCj2Ho Why not freeze a hard drive? http://www.youtube.com/watch?v=ad1uVAB5bNA • Old 72 MB hard drive staring up. (apx 1:08) http://www.youtube.com/watch?v=Y9Z8vF46fXo • Details about how CPU chips are made (apx 10 min) http://www.youtube.com/watch?v=-GQmtITMdas

  7. Hard Drive Basics • Head • Device which reads and writes data on the disk • Track • Individual circles on disk platter where data are located • Cylinder • A column of tracks on a disk drive with 2 or more platters • Sector • An individual section of data on a track – the smallest amount of data which can be written to the disk – usually 512 bytes • Disk Capacity (CHS calculation) = #cylinders (platters) * #tracks * #sectors

  8. Disk Addressing Schemes • There are 2 common disk addressing schemes: • CHS • Cylinder, Head, Sector • Closely tied to the physical geometry of the disk drive • LBA • Logical Block Address • Independent from the physical geometry of the disk drive • Most modern drives use this scheme

  9. CHS Calculation Example Platter Sector Track Cylinder Capacity = Heads * Tracks * Sectors * Bytes/Sector

  10. Hard Drive Data Storage I • Bit • Binary Digit • Stores either a ‘1’ or a ‘0’ • Byte • 8 bits • Single ASCII character • Values from 0~255 • Word • Usually 4 Bytes • Represents the minimum piece of information which a computer can manipulate • Values from 0~4,294 ,967,296 Bit Byte Word 8 bits 32 bits or 4 bytes

  11. Hard Drive Data Storage II • Sector • Minimum storage size on a hard drive • One “pie shaped” arc of a platter • Common storage size of 512 Bytes • Established during low-level formatting • Numbered sequentially starting at 1 • Cluster (File Allocation Units) • Minimum storage size for a file as determined by file system • Common cluster size is 4096 Bytes (4KB) – 8 Sectors • File • Determined by file system Sectors Clusters File * Just an example, your file may occupy more or fewer clusters. 8 Sectors 2 Clusters

  12. Hard Drive Storage Capacities

  13. Formatting and Partitioning • Low-Level Formatting • Physically defines tracks and sectors on disk • Does erase data • Typically only performed at factory • Partitioning • High-Level Formatting • Dividing the disk into volumes – process of defining the file system structure • Appear as logical drives to OS • Does not destroy data on Disk

  14. Partitions • A partition is a logical volume within a physical volume (i.e., disk). • The Master Boot Record (MBR) of a disk defines the partitions found on the physical disk. • An MBR can define 4 primary partitions (max). • These partitions can be defined as “logical partitions.” • Logical partitions are capable of being further subdivided into smaller logical partitions.

  15. To open Computer Management, click Start, and then click Control Panel. Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management. Partitions

  16. Master Boot Record (MBR) • Executable Code • Machine Language Code • Processor Specific • Decodes Partition Table • 446 bytes long byte 446 • Partition Table • 4 Entries • First Entry Starts at offset 0x01BE (44610) • MBR “Signature” • 0x55AA

  17. Decoding a Partition Table Entry • Entry #3 starting at offset 0x01DE • Starting Sector • Offset 2 • 6 bits (use 6 LSB) • Decode as bits • 0xC1 = 1100|0001 • 6 LSB = 000001 = Sector #1 • Starting Cylinder • Offset 3 • 10 bits (use remaining 2 bits from sector as upper 2 bits) • Decode as bits • 0xFF = 1111|1111 • 10 bits = 11|1111|1111 = 0x3FF = Cylinder # 1023 • Bootable? • Offset 0 • Value 0x80 means bootable • Starting Head • Offset 1 • 1 Byte • 0x00 = 0 Starting Head • File System Type • Offset 4 • Decode as table entry • 0x0C = Win 95 Fat-32 LBA • Number of Sectors • Offset 12 • 4 Bytes • Decode as Number (swap) • 0x000E37BA = 931,770 • # of sectors in this partition • 477,066,240 bytes (*512) • Relative Sectors (start of partition) • Offset 8 • 4 Bytes • Decode as Number (swap) • 0x1D0D9045 = 487,428,165 • # of sectors from start of drive to start of this partition Ending Head 5 Ending Sector 6 Ending Cylinder 7

  18. Partition Layout http://www.microsoft.com/library/media/1033/technet/images/prodtechnol/winxppro/reskit/ch28/f28zs07_big.jpg

  19. Extended Partition Layout http://www.microsoft.com/library/media/1033/technet/images/prodtechnol/winxppro/reskit/ch28/f28zs07_big.jpg

  20. File Systems • Each partition can contain an independent file system. • A file system is merely a structure for storing and organizing computer files and data on a disk partition to make it easy to find. • The main files systems currently used are: • FAT – (FAT12, FAT16, FAT32., exFAT_ • NTFS • EXT (Ext2, Ext3, Ext4) • HFS

More Related