CSC414 Computer System Fundamentals
http://www.forensics.cs.uri.edu
Digital Forensics Center, Department of Computer Science and Statistics

Forensic Overview: MS-DOS and Windows 3.11

MS-DOS / PC-DOS

Microsoft Disk Operating System
- PC-DOS was IBM's version for its PC

Programs usually self-contained
- Programs were segregated
- Program files in a single directory
- Copy program directory to another system and run it

Boot Disks only need three files
- command.com
- config.sys
- io.sys

MS-DOS / PC-DOS

Single user system
- Only one program could run at a time
- Terminate and stay resident (TSR) programs were an exception
- Utilities, viruses, key-loggers

Simple Operating System Environment
- No shared device drivers
- Device drivers integrated into programs
- No shared .dll files (Dynamically Linked Library)
- No Windows registry
- Each program used a .ini or .cfg file

MS-DOS / PC-DOS

File names limited to 8 characters with 3 character extension
- No strong association between file extension and type
- Users could use extension for filename or initials
- Could not search for .doc for *all* documents

Some common applications
- Lotus 1-2-3, Microsoft Multiplan
- Word Perfect, Microsoft Word

MS-DOS / PC-DOS

Digital Forensics didn't exist
- No special forensics tools
- Had to rely on system tools and programs
- UNDELETE, UNFORMAT
- BACKUP, RESTORE
- Commercial tools were repurposed
- Norton Utilities
- DiskEdit and Unerase
- Disk compression was an issue
- DoubleSpace, DRVSPACE, Stacker

Windows 3.11

Provided a GUI interface to DOS
- Not its own operating system
- GUI replaces command line interface
- Icons were short-cuts to programs
- Files represented as icons or graphics
- Intermediary between user and operating system
- GUI translates clicks and drags into DOS commands
- DOS command line still available
- Examining system

[Diagram labels: HARDWARE, MS-DOS, Windows 3.11]
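The 8.3 file name limit and the reliance on undelete-style tools both come down to how a FAT directory stores a file. The following is an added example, not part of the original slides: it parses raw 32-byte directory entries and flags deleted ones. It assumes the standard FAT12/16 directory entry layout, which the slides do not show; the function names and the sample directory are constructed for illustration.

```python
import struct

ENTRY_SIZE = 32
DELETED = 0xE5      # first name byte is overwritten with this on delete
END_OF_DIR = 0x00   # first name byte of a never-used slot
LAYOUT = "<8s3sB10xHHHI"  # name, ext, attr, reserved, time, date, cluster, size

def make_entry(name, ext, attr, cluster, size, deleted=False):
    """Build one constructed 32-byte directory entry (sample data only)."""
    raw = bytearray(struct.pack(LAYOUT, name.ljust(8).encode("ascii"),
                                ext.ljust(3).encode("ascii"), attr, 0, 0, cluster, size))
    if deleted:
        raw[0] = DELETED
    return bytes(raw)

def parse_directory(region):
    """Return one dict per used slot in a raw FAT directory region."""
    entries = []
    for off in range(0, len(region) - ENTRY_SIZE + 1, ENTRY_SIZE):
        raw = region[off:off + ENTRY_SIZE]
        if raw[0] == END_OF_DIR:
            break  # no entries exist after the first unused slot
        name, ext, attr, _t, _d, cluster, size = struct.unpack(LAYOUT, raw)
        deleted = raw[0] == DELETED
        # A deleted entry keeps everything except the first character of its name.
        stem = "?" + name[1:].decode("ascii", "replace") if deleted else name.decode("ascii", "replace")
        entries.append({
            "name": stem.rstrip(), "ext": ext.decode("ascii", "replace").rstrip(),
            "deleted": deleted, "attr": attr,
            "start_cluster": cluster, "size": size,
        })
    return entries

# Constructed sample directory: three live files, one deleted, then unused slots.
SAMPLE_DIR = (
    make_entry("COMMAND", "COM", 0x20, 2, 54645)
    + make_entry("BUDGET", "WK1", 0x20, 30, 8192)
    + make_entry("LETTER", "JS", 0x20, 34, 2048)   # initials used as the extension
    + make_entry("MEMO", "DOC", 0x20, 35, 4096, deleted=True)
    + bytes(ENTRY_SIZE * 4)
)

if __name__ == "__main__":
    for e in parse_directory(SAMPLE_DIR):
        state = "DELETED" if e["deleted"] else "live"
        print(f"{e['name']}.{e['ext']:<3} {state:<7} cluster={e['start_cluster']} size={e['size']}")
```

The extension is only three more bytes of the name field, so LETTER.JS carries no type information, and the deleted entry still holds its start cluster and size.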