YoussefM | Computer and Hacking Forensics | Module 7 – Hard Disks and File Systems

By: YoussefM | Related Course: Computer Hacking and Forensics | Published: November 1, 2017 | Modified: November 11, 2017
Hard Disks and File Systems

Welcome to Module 7, Hard Drives and File Systems. This introduction gives a nice overview of what’s behind the computing systems we utilize. It outlines the two types of hard devices, defines the variety of hard drive speed and capacity, then explains in detail the different types of file systems, their logical structures, and what the most popular ones are.
We discuss partitioning, what the master boot record is, what a DD command is, and why it’s critical to know and understand how to manipulate it.
You’ll learn why it’s important to know how to perform certain tasks manually even though there is system software that will do it for you, as well as how connectivity interfaces with hard drives vary and the pros and cons they bring with them.
And finally, you’ll review in minute detail master boot record functions relative to the various operating systems, and you’ll learn why it’s critical to know and understand the full life cycle of every transaction on your device relative to the operating system environment it lives in.
As part of the Module 7, Hard Disks and File Systems demonstrations, you’ll gain hands-on experience with the following labs:
Efsinfo Lab
FileScavenger Lab
Process Monitor Lab
Regshot Lab
Easycleaner Regshot Lab
HDValet Regshot Lab
Rname IT Lab
System Information for Windows Lab
Add/Remove Pro Lab

Hard Disks and File Systems Add/Remove Pro Lab

The Add/Remove Pro lab is the last demonstration lab in Module 7, Hard Drives and File Systems.

This utility is great: it is the equivalent of Easycleaner Regshot, except it finds and removes all the add/remove list items from the system, something a hacker would do to hide the fact that they modified the system.

Add/Remove Pro is an excellent and essential tool for forensic analysis because you can determine what was done to the system from the list items the Add/Remove tool finds.

Hard Disks and File Systems Easycleaner Regshot Lab

Easycleaner is a registry analysis tool that tracks what the user has done to remove/delete files from their system.

In this lab, you’ll see how to use Easycleaner Regshot to capture a snapshot of the registry before files are deleted, as well as after. More importantly, it teaches you how you have to work with and tweak the tool to accommodate different scenarios, and how to make sure you have the correct permissions to conduct the desired analysis.

You’ll see what the output report says in contrast to the original registry capture and learn what it is you need to do as a process in order to determine, verify and assess data captured in the analysis correctly, and why you cannot make assumptions based upon a perceived assessment result.

Hard Disks and File Systems Efsinfo Lab
For this lab, we’ll introduce you to Efsinfo, a utility that shows you the encryption process of encrypted files.
This tool is used to track down the original owner of encrypted files. The lab demonstrates the program and simulates how this works using a general help file. From this demonstration you’ll learn what Efsinfo tells you: how the file was encrypted, who encrypted it, and where you can find and match up that information.

Hard Disks and File Systems FileScavenger Lab
Welcome to FileScavenger, a really neat tool for scanning what files are on a drive, along with all of their intimate details.
For example, you’ll be able to determine the exact location of files, the last time they were accessed, who did it, the actual file size and its last modification date.

Hard Disks and File Systems HDValet Regshot Lab

Next we introduce you to HDValet.  This is basically a junk file cleaning tool.  What this tool does is clean up the junk files like temp and backup files.  You’ll see a demonstration of a user cleaning their files and then a run of Regshot to see if that junk file cleaning impacted the registry in any way.

HDValet creates a log file. You’ll learn about the information it provides, such as storage capacity savings and details about the files it finds and deletes, including where they were located, file types and other information, for example junk files that could not be removed to the recycle bin.

And finally, you’ll see how a registry is or is not modified following a registry cleaning, what registry components if any were affected, and how.

Hard Disks and File Systems ProcessMonitor Lab

This is the Process Monitor lab. Process Monitor is an excellent program for assessing processes and determining what is happening as the system sees it.

You’ll learn how to assess registry processes and all their information to see what a process is actually doing. You’ll also learn what it’s actually referencing and the volume of other cross-referenced data for a given process in real time.

Hard Disks and File Systems Regshot Lab

Regshot is a registry utility that delivers a snapshot of your registry and compares values.

From the demonstration you’ll learn how Regshot analyzes the keys and the values, and how to determine whether you want an output file and, if needed, its location. Regshot is valuable as both an academic source of information and as a forensic tool. You’ll observe and learn the value of comparing a before and after snapshot of the registry when, for example, you install a new application.

Hard Disks and File Systems Rname IT Lab

This lab demonstrates Rname IT. Rname IT is a batch utility that changes file names in bulk, such as their extensions.

Rname IT is a way of changing a large group of files all at once. This lab demonstrates how to accomplish that, and nicely articulates why that is important within the scope of computer forensics.

Hard Disks and File Systems System Information for Windows Lab

This is a really hands-on, visual lab for running comprehensive analysis on a given Windows system environment.

The System Information for Windows lab demonstrates how the tool reveals details about every host on your network, including software installations, drivers, hardware, security settings, even licensure, and what’s going on with each of those components. This software also displays and organizes its data in a thorough, quick-reference, dashboard-style way, making the report extremely comprehensive.
