CSC414
Computer System Fundamentals

Forensic Overview: MS-DOS and Windows 3.11
Digital Forensics Center
Department of Computer Science and Statistics
http://www.forensics.cs.uri.edu

MS-DOS / PC-DOS

Microsoft Disk Operating System
- PC-DOS was IBM's version for its PC
Programs usually self-contained
- Programs were segregated
- Program files in a single directory
- Copy program directory to another system and run it
Boot Disks only need three files
- command.com
- config.sys
- io.sys

MS-DOS / PC-DOS

Single user system
- Only one program could run at a time
- Terminate and stay resident (TSR) programs were an exception
  - Utilities, viruses, key-loggers
File names limited to 8 characters with 3 character extension
- No strong association between file extension and type
- Users could use extension for filename or initials
- Could not search for .doc for *all* documents

MS-DOS / PC-DOS

Simple Operating System Environment
- No shared device drivers
  - Device drivers integrated into programs
- No shared .dll files (Dynamically Linked Library)
- No Windows registry
  - Each program used a .ini or .cfg file
Some common applications
- Lotus 1-2-3, Microsoft Multiplan
- Word Perfect, Microsoft Word

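Because DOS extensions say little about file type, finding every document on such a system means classifying files by content rather than by name. The following is an added example, not part of the original slides: it identifies files by their leading bytes. The signature table covers only a few formats, and the file names and contents are constructed samples.

```python
import os
import tempfile

# Leading-byte signatures for a few DOS-era formats (illustrative, not exhaustive).
SIGNATURES = [
    (b"\xffWPC", "WordPerfect document"),
    (b"\x00\x00\x02\x00\x06\x04", "Lotus 1-2-3 worksheet (WK1)"),
    (b"MZ", "DOS executable"),
]

def identify(data):
    """Classify a file from its first bytes, ignoring its name entirely."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    # Printable ASCII plus tab/CR/LF and the DOS end-of-file marker (Ctrl-Z).
    if data and all(b in b"\t\r\n\x1a" or 32 <= b < 127 for b in data):
        return "plain text"
    return "unknown"

def survey(root):
    """Return {relative path: detected type} for every file under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:  # read-only; work on a copy of the evidence
                head = fh.read(512)
            found[os.path.relpath(path, root)] = identify(head)
    return found

def build_sample(root):
    """Constructed sample: 8.3 names whose extensions are initials or labels."""
    samples = {
        "LETTER.JSM": b"\xffWPC" + b"\x00" * 12,            # extension = initials
        "BUDGET.Q3": b"\x00\x00\x02\x00\x06\x04\x06\x00",   # extension = label
        "NOTES.DOC": b"Call Bob re: invoice\r\n\x1a",       # .DOC but plain text
        "README.TXT": b"MZ\x90\x00" + b"\x00" * 28,         # .TXT but executable
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for name, kind in sorted(survey(root).items()):
            print(f"{name:<12} {kind}")
```
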
MS-DOS / PC-DOS

Digital Forensics didn't exist
- No special forensics tools
- Had to rely on system tools and programs
  - UNDELETE, UNFORMAT
  - BACKUP, RESTORE
Commercial tools were repurposed
- Norton Utilities
  - DiskEdit and Unerase
Disk compression was an issue
- DoubleSpace, DRVSPACE, Stacker

Windows 3.11

Not its own operating system
- Provided a GUI interface to DOS
GUI replaces command line interface
- Icons were short-cuts to programs
- Files represented as icons or graphics
Intermediary between user and operating system
- GUI translates clicks and drags into DOS commands
DOS command line still available
- Examining system

[Diagram labels: Windows 3.11, MS-DOS, HARDWARE]

Windows 3.x

File Manager not integrated
- Separate program
DLL's introduced
- Files common to Windows programs
  - How to draw windows and menus
- Missing DLL's caused errors and prevented programs from running
Common system-wide device drivers
Cannot simply copy application directory from one system to another and have it run (some did)

Windows 3.x

Forensic Issues
Virtual Memory Implemented
- Evidence of recent computer activity
- Swap file located at c:\windows\win386.swp
Desktop and preferences for users
- Users create shortcuts for regularly used programs
- Favorite groups of programs
- User preferences of activities