Hard Disks and File Systems Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
17 hours 41 minutes
Difficulty
Beginner
CEU/CPE
18
Video Transcription
00:00
>> Hey, everybody. Welcome back to the course.
00:00
So the last video, we wrapped up our discussion on
00:00
the different phases of investigation in Module 2.
00:00
Here in Module 3, we're going to go over
00:00
some generalized information about
00:00
hard disk and file systems.
00:00
In this video, we're going to start talking
00:00
about the different components
00:00
>> that make up a hard disk.
00:00
>> A quick pre-assessment question,
00:00
what is SSD stand for?
00:00
We'll learn that in this video.
00:00
If you guessed Solid State Drive,
00:00
you are correct, that's what it stands for.
00:00
The other ones are pretty obvious that they're made up.
00:00
Hard disk driver or HDD,
00:00
this uses magnetic storage to store and retrieve data.
00:00
It's also non-volatile storage
00:00
because of the magnetic aspect of it.
00:00
Some components of it are platters,
00:00
tracks, sectors, and clusters.
00:00
We'll talk about those a little bit.
00:00
Platters are going to be the circular metal disk
00:00
that are mounted in the drive enclosure.
00:00
Something important for the exam you want to
00:00
remember is that there's two heads per platter.
00:00
Just keep that in mind just in case
00:00
you see some questions on platters for the exam.
00:00
Tracks. This is going to be
00:00
a concentric ring on a platter.
00:00
We've got a little image there.
00:00
For the CHFI examination,
00:00
you're not going to be questioned as far as like,
00:00
what's the difference between a
00:00
geometrical sector and a track sector,
00:00
it's just going to be basically like a track.
00:00
It's going to be listed as a track or track sector.
00:00
These contain disk blocks
00:00
and they store data in this numbering is 0-1,023.
00:00
That's something else you'll just want to keep in
00:00
mind as you are studying for the CHFI exam.
00:00
Sectors are going to be the smallest physical storage
00:00
on the hard disk platter.
00:00
These are 512 bytes long.
00:00
Now 512 byte,
00:00
you'll also notice that's a master boot record as well.
00:00
Just keep that in mind, you might see that number on
00:00
the exam tested in some capacity.
00:00
We also have things like bad sectors.
00:00
Another topic that's in the official EC council material
00:00
that might be on the exam.
00:00
Basically, this is as it sounds.
00:00
It's portions of the disks that are unusable.
00:00
Could be due to flaws.
00:00
Generally it's caused by configuration issues,
00:00
and it could also be caused by
00:00
the physical disturbance to the actual disk.
00:00
The Master Boot Record, as I mentioned, 512 bytes.
00:00
That last portion is very important there,
00:00
that's the signature so that 0xAA55.
00:00
You'll definitely want to memorize that just in
00:00
case you see something about it
00:00
on the actual examination itself.
00:00
Clusters we mentioned,
00:00
these are the smallest accessible logical storage units
00:00
on the hard disk drive.
00:00
These are formed by combining
00:00
>> different sectors together.
00:00
>> Slack space. Basically,
00:00
as the name implies,
00:00
it's a wasted area.
00:00
Think of like that slacker person.
00:00
They're kind of a waste of the human body.
00:00
They don't really do anything. They sit on
00:00
the couch all day, that sort of stuff.
00:00
Similar thing here in that aspect,
00:00
of it's a wasted area of the disk clusters.
00:00
Basically we've got small files or we're using
00:00
small files and from
00:00
the end of that file to the end of the cluster,
00:00
that's going to be the slack space.
00:00
That's that wasted space.
00:00
SSD or Solid State Drive,
00:00
which is more common,
00:00
or at least in certain devices,
00:00
a more common thing that you see nowadays.
00:00
These have some advantages.
00:00
Higher data transfer rates,
00:00
the area storage on them,
00:00
the storage ability, reliability.
00:00
They're are also non-volatile,
00:00
but they come with a price.
00:00
They cost a little more than HDDs.
00:00
Hard disk interfaces.
00:00
Realistically, you probably won't see this
00:00
on the CHFI exam.
00:00
It is mentioned in the material,
00:00
but I doubt just because this is somewhat older stuff,
00:00
I doubt that you would
00:00
honestly see that on the real exam.
00:00
But again, you could. It's good to
00:00
notice what these are if you're not familiar.
00:00
This is more along the lines of kind
00:00
of like A plus type of knowledge.
00:00
Your SATA, your PATA,
00:00
and then, of course, your SCSI as well.
00:00
Just a quick pulse assessment question here.
00:00
True or false here that the MBR or
00:00
the Master Boot Record that it's 512 bytes?
00:00
Is that true or false?
00:00
That's true. You got that correct if you guessed true.
00:00
Again, that's something
00:00
that you'll just want to memorize as
00:00
you're studying for the CHFI examination.
00:00
In this video, we just went over some of
00:00
the components of a hard disk.
00:00
We also talked about SSD
00:00
and what that was or Solid State Drive.
00:00
If you remember, the pre-assessment question
00:00
was regarding what does SSD stand for?
00:00
The next video, we're going to go over some things
00:00
like bit vs byte versus nibble,
00:00
as well as some other topics that are related.
00:00
Again, in this entire module,
00:00
we're just going over the structure
00:00
of hard disk as well as file system.
00:00
A lot of memorization,
00:00
if you will, on these
00:00
particular things that you'll need to know.
00:00
But just make sure you understand
00:00
them that way as you see
00:00
the terminology on the examination, you'll understand.
00:00
For example, if they tested you on Master Boot Record,
00:00
you would know that that's 512 bytes and you would know
00:00
that MBR stands for Master Boot Record.
00:00
Just keep all that in mind. This is like
00:00
foundational knowledge that you'll need to know.
00:00
Number 1 for a career forensics,
00:00
but also more so towards the CHFI examination.
Up Next