Time
4 hours 15 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:01
Hi, welcome back. In the last video, we studied what imaging is, why it is important, and how you can check the integrity of the Windows image. We also learned about the physical drive nomenclature in Windows.
00:12
Now we're going to learn about the logical drive nomenclature and, as usual, I'm going to ask you some quick questions in order to test your knowledge.
00:20
A very well-known and explained analogy is that a computer running the Microsoft Windows operating system organizes its data like you would organize files in a file cabinet. The cabinet has multiple drawers, each drawer contains folders, and each folder contains important papers that you need to file away.
00:40
The Windows file system structure parallels this type of organization.
00:44
Based on the file cabinet scenario, the cabinet drawer is represented as a logical drive on a Windows computer. For example, the logical drive C is usually where your personal data and system data is stored. The D drive may contain files used for computer recovery
01:02
that should only be managed by a system administrator.
01:04
The E drive may give you access to a DVD player. When an external device such as a digital camera is plugged into a Windows computer, a new logical drive F may appear, which gives you access to the photo files of the camera.
01:19
The physical volume or partition on the hard drive is commonly referred to as a drive letter. For instance, C is the common value for the system's main partition
01:30
in Windows. The entire drive C, or mount point, is the letter C, represented by two backslashes followed by a dot, followed by a backslash and C, followed by a colon.
01:42
To access our stuff this way, we wouldn't have to specify the device, the hard disk and the partition. We can also use the unique volume name.
01:53
A file system enables applications to store and retrieve files on storage devices.
01:57
Files are placed in a hierarchical structure. The file system specifies naming conventions for files and the format for specifying the path to a file in the tree structure.
02:09
Each file system consists of one or more drivers and dynamic-link libraries that define the data formats and features of the file system.
02:19
File systems can exist on many different types of storage devices,
02:23
including hard disks, jukeboxes, removable optical disks, tape backup units and memory cards. All file systems supported by Windows have the following storage components: volumes, directories or folders, and files. A volume is a collection of directories and files.
02:43
The highest level of organization in the file system is the volume.
02:46
A file system resides on a volume, which contains at least one partition, which is a logical division of a physical disk.
02:55
A directory is a hierarchical collection of directories and files, and a file is a logical grouping of related data.
03:05
Before continuing, here's a quick question for you.
03:07
Which of these definitions explains what a file is?
03:12
Do you think it's A, a collection of directories and files; or B, a hierarchical collection of directories and files; or probably C, a logical grouping of related data; or D, none of the above?
03:23
If you said C, you're correct. A file is a logical grouping of related data.
03:30
Let's analyze what directories are. A directory is a hierarchical collection of directories and files. The only constraint on the number of files that can be contained in a single directory is the physical size of the disk on which the directory is located.
03:46
Some common folders that come by default in a Windows environment include Documents, Pictures, Music, Videos and Downloads.
03:53
The Documents folder is a logical place to store word processing files, spreadsheets and presentations. The Pictures folder is appropriate for digital pictures that you created, copied or received from other sources such as email, scanner, Internet or digital camera. The Music folder
04:10
is suitable for music files that you downloaded from the Internet,
04:14
ripped from a CD or composed with a music program.
04:16
The Videos folder is proper for videos downloaded from the Internet, copied from a camcorder or created with movie maker software. The Downloads folder is recommended for programs and files downloaded from the Internet.
04:29
You may also create folders and subfolders.
04:31
Microsoft Windows uses a file naming convention where the file name is delineated by the backslash sign.
04:40
A file object provides a representation of a resource, either a physical device or a resource located on a physical device, that can be managed by the system.
04:50
Like other objects, they enable sharing of the resource, they have names, they are protected by object-based security, and they support synchronization.
05:00
The system also enables reading from or writing to the resource.
05:03
Papers and items filed inside a physical file cabinet folder are represented as files in the Microsoft Windows environment.
05:13
A Windows file name can have up to 260 characters. A Windows file usually has a file extension, which helps Windows understand what type it is and how to read it. A regular word processing file with that PSD file extension
05:29
may invoke Windows Notepad or WordPad program to open it.
05:34
A picture file with a JPG file extension may invoke a Windows picture viewer program in Indiana. Windows files avoid these characters, such as the slash, the backslash, the interrogation sign and many others.
05:49
As we analyzed before, a file system enables applications to store and retrieve files. A Windows application is a collection of executable programs and supporting files. For instance, Microsoft Word is a well-known Windows application. A process is a running instance of a Windows application.
06:08
Note that most applications allow the user to run multiple copies of the same application at the same time.
06:15
Each running instance is a separate process with its own memory space.
06:19
To be more specific, a process is a running instance of an application, together with a set of resources that are allocated to the running application.
06:30
A thread is an object within a process that is allocated processor time by the operating system in order to execute code. In short, threads, not processes, execute program code. Every process must have at least one thread.
06:46
The purpose of threads, of course, is to allow a process to maintain more than one line of execution, that is, to do more than one thing at the same time.
06:57
In a multiprocessor environment,
06:59
which is a computer with more than one CPU,
07:02
Windows can assign different threads to different processors, providing true multiprocessing.
07:09
In a single-processor environment, the CPU must provide time slices to each thread that is currently running on the system.
07:18
Okay, here's another post-assessment question for you.
07:20
What is the common value used for the system partition?
07:26
Is it the letter A, or B, or C, or D?
07:30
If you said C, you were paying attention. Let's see.
07:35
Here is a summary of Windows device names
07:39
that we analyzed. In the Windows world, drives can be identified by their name, such as Windows 7, etcetera,
07:47
and their drive letter, such as C, as we have seen before.
07:51
The important thing to remember is that Windows really only cares about the drive letter.
07:57
That has to be unique. You can't have two drives labeled, for instance, C on the same computer.
08:03
The name, on the other hand, is just for convenience.
08:05
We looked this place it unless you anything
08:09
but the operating system doesn't use it when selecting which drive to access.
08:15
That's why you can have two or more drives with the same name without confusing Windows.
08:22
So the local material is represented by two backslashes followed by a dot,
08:26
the C volume with a colon to see that the will with their the answer. But what about drives A and B?
08:33
The absence is a historical relic. Those letters were originally set aside for floppy disk drives. The first physical disk is represented as hard disk zero and the second physical disk as hard disk one. We can also identify each volume by the unique volume name.
08:52
For more information, don't forget to check the references and supplementary material.
08:56
In the next module we're going to analyze imaging with dd. I'll explain what dd is and the syntax, with some hands-on experience on how to image disks.

Up Next

Windows Forensics and Tools

The Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems.

Instructed By

Adalberto Jose Garcia
Information Security Analyst at Bigazi
Instructor