Computer Foundations

00:00

hi and welcome to everyday digital forensics. I'm your host to send, you said. And in today's episode, we're gonna discuss some of the computer foundations were gonna perform some conversions between the three types by Neri Decimal and Ex adjustable, and then finish off with our logic gates. If you already familiar with these topics, go ahead and skip to the next episode.

00:19

Next episode were to be discussing a different fall system types, followed by a deep dive into the to fall systems fete and anti FS from decimal 0 to 15. Accident symbol zero F and binary. 000021111 We have the conversion

00:37

values for decimal toe hacks, a decimal

00:40

and hexi decimal to binary. When we reference these values, the computer uses them for different reasons, depending on the file system or if you're looking for file metadata, you encounter one of these values by in areas particularly used for memory traces, while decimals are digits and then Hexi decimal is for easy visibility.

00:59

So why does this matter to me as an investigator?

01:03

Let's say you open up your silly row profiler and you're looking at an image a test stop MVD a trial, and you can see that there's a bit of information on the page.

01:14

If you're not familiar comfortable with us, it just may look like a lot of gibberish. So this is actually the partition boot sector in our fat file system, and you'll see this image later on. In this, we have three sections we really want to pay attention to. We have our offset,

01:27

and this the location on the memory space that the information is available. Note that the offset maybe zero, but this is based on the start of the file. The file instead may have begun at a different sector.

01:38

A different cluster, just a different physical location than what the off that is explained. So when you review in your record, ensure that you're making note of the sector, the cluster, the physical location

01:49

and get the absolute path off that offset just to avoid confusion later on. Now offset is used to

01:56

determine the student ranges for X, a decimal values, and these if these different ranges defined different attributes and information about the file itself. So we have certain attributes that are defined, and the conversion from Hex to ask. He helps an examiner determine what these values are thes Hexi decimal values can also define pixels and images, date times, some file attributes

02:16

and overall data. Now we have are asking values, and the asking is on the right side of the screen. It's the editors conversion of the hacks of decimal values to asking note that not all these values are converted, including take time. And some of the convergence may be gathered by another feature of the Cityville profile toe

02:34

or manually using the conversion between accessible and asking.

02:38

So here's just an example of certain offsets within a file defining several attributes of a file based on what's highlighted and the number position. This is telling you what that hacks of decimal range is defining. Our 1st 3 rows were defining the entry order number in the sequence of the long directory entries.

02:58

And then, as you see as you go further in, we can get if I was attributes a type,

03:01

check some of the short value and so on. So now for a conversion time, I just showed you why this is important. So that's actually from form ah, conversion

03:12

So let's look at the conversion of binary number two DeSimone over.

03:16

We're giving the example of 10011011

03:21

We're gonna convert it to discipline number

03:23

in computation.

03:25

Positioning starts at zero, not one. So,

03:30

as we might say from the left,

03:32

this is position one. This is actually position zero. So 0123456 and seven.

03:42

So for their conversion to buy an Aryan two decimal, we'll take our first position.

03:47

I'm all supplied this bit by two

03:51

raised to the position is so in this case, it's one.

03:57

Then we'll do it for the next one. And when we get sirrah,

04:00

we get our face position set to zero

04:04

returns,

04:06

so we'll continue this down until we completed for each bit.

04:11

So to get the final number, you'll feel some up your values. So when those two those eight a 16% in 28 which gives you 1 55 and computer science and information theory a bit, that is a smallest possible piece of information.

04:29

Most of time it could be expressed as a digit of a binary number.

04:32

So if we take the example of our by never, never here, which is 1 55 intestinal

04:38

and send it as a string of data into a network. We could send it into different ways.

04:43

We can start from the left to the right or right to left.

04:47

We're looking at network traffic

04:49

and figuring out how he strained her sons.

04:53

You must understand which of the two or reigns

04:56

is being done,

04:58

so you're most significant bit. First, is your right to left and then you're that any significant bit,

05:04

the two ordering our most significant bit first and these significant bit? First,

05:11

the significant bit is a bit, which is furthest to the right and holds the beast value in a

05:16

more time. Bit

05:18

finer number

05:19

as by our numbers, are largely news in computation and other related areas. That these significant bit holds importance, especially when it comes to the transmission. All of these binary numbers,

05:33

So let's take it to the other way. Let's do decimal binary.

05:38

As you can see, we have 162 base of 10.

05:42

A number could have different bases and face the most calculations,

05:46

depending on what your basis, which could be two or three

05:50

has significance of how you would actually convert the data,

05:56

how you would convert the decimal to binary

05:58

in this case to her base of 10. So always the Jews divide by two.

06:03

So now let's convert 160 with base 10 decimal to binary. We'll just divide by two.

06:10

So 116 divided by two is 80 were left with the remainder observer.

06:15

We'll do the same thing to 80 would live for the remainder of 0 40 and so on until we reached our 1st 1 That actually gives there's a remainder of one

06:25

or continue until our last digit is the value one

06:30

so cool. And I have done all the division and I got in a budget zeros and ones

06:35

Now, depending on the way that you're reading the data, whether it's these significant bit our most significant bit, is it any harder? Displaying it

06:44

here for the solution will be one still one

06:47

00000

06:50

So now you can go ahead and test your new skills. You can go ahead and probably video and give yourself a moment just to solve these conversions.

07:00

These air, the answers, toothy conversions. Okay, cool. So now I know how to count. Now what? Well, as I mentioned earlier, there may be attributes within an object on a file system that the conversion from one Hexi decimal, for example doesn't actually convert over to ask you

07:17

Here we are in autopsy viewing and NDFs

07:20

partition, particularly in the MF t file. So one method to determine if your file system is craps is to check the differences between the MF t values versus those of the MF T mirror.

07:32

So I'm have t shows that the first subset is defined as files. Thes attributes actually define what the file type is. And this is our file within her MFC folder thes values over here,

07:46

although on the right shows just some gibberish. Characters actually defines different date times for this file. So as you can see up here, we have our modified created access. These offsets are what calculates these values. So you may not actually see it here on the asi aside. But when you

08:05

perform the conversion,

08:07

that's where this attributes maybe the modified This 1 may be the create. This 1 may be the access This maybe some other daytime value on. You will take this

08:18

and you'll compare it with your MFP mare.

08:22

So the MF t mirror this is the same file.

08:24

Same particular file. But this is the MFP mayor and not the main MRT. So just to kind of show you that the values are the same. But if you see some discrepancies between the two, that's typically that there is a corruption within the file system. So not logic. Eight. We'll go through those portion a little bit quick on. Do you can probably videos and actually look at the conversions

08:45

between the true

08:46

and falls different combinations to see how they get the results. So this is our N gate are engaged, takes two inputs

08:54

and performs on output of cube. Our output of Q is based on our two inputs. So if both A and B are both true, then will be given a value of true for a que says you can see on the right are truth table, depending on

09:09

depending on what our value of a is, and their value of B gives us the result of Q

09:13

says you can see the owning time that our results is true for N Gate is if both values our presence now moving over to the or gate. This is quite opposite to the end gate as either one or the other has to be true in order for you to get results of true.

09:33

So this is more of an intersection. This is determining if

09:37

I brought the pie but Susan didn't bring the pie. Then the party's okay. If both myself and Susan brought pie, then we just have more pipe. But the condition is satisfied. Now we have the Knocke. This is just performing the opposite off. What are input is

09:54

so our input may be true at a result would be false