2.1 Physical Drive Nomenclature in Windows

00:01

hello and welcome back to the course

00:03

in the last month, we went over some of the basic information that you should know to be successful in this curse we define where Windows Issa celebrating system, a Swiss, different signature ideology. We also talk about Windows for any six in a general way on what is the importance of it. So if you've been watched, that mortal response, this video on watch model one

00:23

a serious, very poor turning the four we lessers

00:26

in this video, we're going to go over a pre assessment question formal, too. And after that, we're going to cover Windows. Imagine on analyze the digital, our physical structure off the operating system.

00:37

So here's the reassessment question for you.

00:40

What is the forensic much

00:42

do you think is a red copy off a physical stores device? Or maybe be a backup off after Windows folders? Or maybe see a duplicate off the fights in the operating system

00:53

or DEA Windows Store Point.

00:56

If you say a direct copy of a physical storage device, you're correct. We're going to see why next.

01:03

Imagine isn't portal to preserve for his evidence. For instance, if it is a criminal investigation or, in my end up in litigation since for insect activity is typically alter potential evidence like fire, like six times, I really you should immediately make a duplicate image off the hard drive

01:22

on do foreign six on the duplicate,

01:25

this might require is starting to drive with a duplicate image in the source. But computer I'm booting from the duplicate Dr So make sure that it refused to make the duplicate has the same interface as original.

01:38

Labeled original. I started in a lox on secure location.

01:42

Ah, forensics image, also called a forensic copy, is a beat by beat sector by sector direct copy off a physical storage device, including all files folders on only located free on slack space.

01:57

Foreign sick images includes not only all the files visible to the operating system were also solidifies on pieces off files left in the slack on free space

02:08

when he missing a Windows operating system. The same foreign six principal supply us when imagine any other system

02:16

we can use even the same tools as physical dress images and logical volumes cannot be much with delete that exit. If you don't know what do these don't worry, we're going to cover it. Laying around on this curse.

02:30

Not all emerging number could sell for. Create foreign sick images. We lose. Sparkled, for example, create in March. Backups that are not complete copies off the physical device. Forensic images can be created to specialized foreign. Six. So far,

02:46

some disc. Imagine utilities. No markets for forensic use. Also make complete dicks images.

02:53

The image is verified. Youth in Mt. Five. Some

02:58

will identify or any other similar tools.

03:01

I am defy harsh or checks on. Mrs Digest is a 128 Beats Omari off the file contents for presenting by two little hex of the single digits.

03:13

Fires with different MD five songs are different on Lee. Very exceptionally and youthfully with Intent to the seas are those with the same sounds different

03:23

on Windows. All fires are red in Vienna, remote as the M defy some utilities, their due

03:30

then defying message digest algorithm takes on input. In this case, our fire on Bruce on 128 feet, or 16 bite output, which can be represented a strain off little hex decimal values.

03:45

This hope

03:46

he's a fingerprint or Mrs that? Yes, For the fire,

03:50

this is a good way to vote. Verify that if I has not been damaged during military transfers and also to verify that if I were getting has no being tampered with,

04:01

we need to look at extra. Sure, if the Windows operating system the first physicals right, is refer to us hard. This volume zero on some secret rise has 123 etcetera. When you're looking for computers on your network neighborhood, you may have noticed that you look it right. Easter, presented by two backslash is

04:21

follow your gut.

04:25

Police don't forget to check.