docMS-DOS / PC-DOS MS-DOS / PC-DOS MS-DOS / PC-DOS MS
download 
Report Transcription
MS-DOS / PC-DOS MS-DOS / PC-DOS MS-DOS / PC-DOS MS
CSC414 Forensic Overview: Computer MS-DOS System and Fundamentals Windows 3.11 Digital Forensics Center Department of Computer Science and Statics U THINK BIG MS-DOS / PC-DOS Microsoft Disk Operating System - http://www.forensics.cs.uri.edu Programs were segregated Program files in a single directory Copy program directory to another system and run it Boot Disks only need three files WE DO R I PC-DOS was IBM's version for its PC Programs usually self-contained - command.com - config.sys - io.sys 00:00 00:18 MS-DOS / PC-DOS MS-DOS / PC-DOS Single user system File names limited to 8 characters with 3 character extension - Only one program could run at a time - Terminate and stay resident (TSR) programs were an exception - - No strong association between file extension and type - Users could use extension for filename or initials Utilities, viruses, key-loggers Simple Operating System Environment - No shared device drivers - - Device drivers integrated in to programs - No shared .dll files (Dynamically Linked Library) - No Windows registry - Each program used a .ini or .cfg file Could not search for .doc for *all* documents Some common applications - Lotus 1-2-3, Microsoft Multiplan Word Perfect, Microsoft Word 01:18 02:36 MS-DOS / PC-DOS Windows 3.11 Digital Forensics didn't exist - - No special forensics tools - Had to relay on system tools and programs - UNDELETE, UNFORMAT - BACKUP, RESTORE Commercial tools were repurposed - Norton Utilities - - Not it's own operating system GUI replaces command line interface Icons were short-cuts to programs Files represented as icons or graphics Intermediary between user and operating system - DiskEdit and Unerase Disk compression was an issue - Provided a GUI interface to DOS - DoubleSpace, DRVSPACE, Stacker 03:30 - GUI translates clicks and drags into DOS commands DOS command line still available - Examining system 04:49 Windows 3.11 MS-DOS HARDWARE Windows 3.x Windows 3.x File Manager not integrated - Forensic Issues - Separate program DLL's introduced - - Files common to Windows programs - users create shortcuts for regularly used programs - favorite groups of programs user preferences of activities Missing DLL's caused errors and prevent programs from running Common system-wide device drivers 06:53 05:36 Forensic Overview: MS-DOS and Windows 3.11 Digital Forensics Center Department of Computer Science and Statics U THINK BIG WE DO R I http://www.forensics.cs.uri.edu 07:58 Virtual Memory Implemented - Evidence of recent computer activity Swap file located at - c:\windows\win386.swp Desktop and preferences for users how to draw windows and menus Cannot simply copy application directory from one system to another an have it run (some did) - - User Specific Information Dynamic Link Library - Issues mostly the same as DOS - Program information and data left in memory Early Internet access - Gopher FTP
