CIT430 Ch5 – Flashcards

question
alternate data streams
answer
ways in which data can be appended to a file (intentionally or not) and potentially obscure evidentiary data. In NTFS, these become an additional file attribute
question
American Standard Code for Information Interchange (ASCII)
answer
an 8-bit coding scheme that assigns numeric values to up to 256 characters, including letters, numerals, punctuation marks, control characters, and other symbols
question
areal density
answer
the number of bits per square inch of a disk platter
question
attribute ID
answer
in NTFS, an MFT record field containing metadata about the file or folder and the file's data or links to the file's data
question
Boot.ini
answer
a file that specifies the Windows path installation and a variety of other startup options
question
BootSect.dos
answer
if a machine has multiple booting OSs, NTLDR reads this file, which is a hidden file, to determine the address (boot sector location) of each OS
question
bootstrap process
answer
information contained in ROM that a computer accesses during startup; this information tells the computer how to access the OS and hard drive
question
clusters
answer
storage allocation units composed of groups of sectors. These are 512, 1024, 2048, or 4096 bytes each
question
cylinder
answer
a column of tracks on two or more disk platters
question
data runs
answer
cluster addresses where files are stored on a drive's partition outside the MFT record. These are used for nonresident MFT file records. This record field consists of three components; the first component defines the size in bytes needed to store the second and third components' content
question
device drivers
answer
files containing instructions for the OS for hardware devices, such as the keyboard, mouse, and video card
question
drive slack
answer
unused space in a cluster between the end of an active file and the end of the cluster. It can contain deleted files, deleted e-mail, or file fragments. This is made up of both file slack and RAM slack
question
Encrypting File System (EFS)
answer
a public/private key encryption first used in Windows 2000 on NTFS-formatted disks. The file is encrypted with a symmetric key, and then a public/private key is used to encrypt the symmetric key
question
File Allocation Table (FAT)
answer
the original Microsoft file structure database. It's written to the outermost track of a disk and contains information about each file stored on the drive. PCs variations are ___12, 16, 32, V___, and ___X
question
file slack
answer
the unused space created when a file is saved. If the allocated space is larger than the file, the remaining space is slack space and can contain passwords, logon IDs, file fragments, and deleted e-mails
question
file system
answer
the way files are stored on a disk; gives an OS a road map to data on a disk
question
geometry
answer
a disk drive's internal organization of platters, tracks, and sectors
question
Hal.dll
answer
the Hardware Abstraction Layer dynamic link library allows the OS kernel to communicate with hardware
question
head
answer
the device that reads and writes data to a disk drive
question
head and cylinder skew
answer
a method manufacturers use to minimize lag time. The starting sectors of tracks are slightly offset from each other to move the read-write head
question
High Performance File System (HPFS)
answer
the file system IBM uses for its OS/2 operating system
question
Info2 file
answer
in Windows NT through Vista, the control file for the Recycle Bin. It contains ASCII data, Unicode data, and date and time of deletion
question
ISO image
answer
a bootable file that can be copied to a CD or DVD, typically used for installing operating systems. It can also be read by virtualization software when creating a virtual boot disk
question
logical addresses
answer
when files are saved, they are assigned to clusters, which the OS numbers sequentially starting at 2. Logical addresses point to relative cluster positions, using these assigned cluster numbers
question
logical cluster numbers (LCNs)
answer
the numbers sequentially assigned to each cluster when an NTFS disk partition is created and formatted. The first cluster on an NTFS partition starts at count 0. These become the addresses that allow MFT to read and write data to the disk's nonresident attribute area.
question
Master Boot Record (MBR)
answer
on Windows and DOS computers, this boot disk file contains information about partitions on a disk and their locations, size, and other important items
question
Master File Table (MFT)
answer
NTFS uses this database to store and link to files. It contains information about access rights, date and time stamps, system attributes, and other information about files
question
metadata
answer
in NTFS, this term refers to information stored in the MFT
question
NTBootdd.sys
answer
a device driver that allows the OS to communicate with SCSI or ATA drives that aren't related to the BIOS
question
NTDetect.com
answer
a 16-bit program that identifies hardware components during startup and sends the information to Ntldr
question
NT File System (NTFS)
answer
the file system Microsoft created to replace FAT. This uses security features, allows smaller cluster sizes, and uses Unicode, which makes it a more versatile system. This is used mainly on new OSs, starting with Windows NT.
question
NT Loader (Ntldr)
answer
A program located in the root folder of the system partition that loads the OS
question
Ntoskrnl.exe
answer
the kernel for the Windows NT family of OSs
question
one-time passphrase
answer
a password used to access special accounts or programs requiring a high level of security, such as a decryption utility for an encrypted drive. This passphrase can be used only once, and then it expires
question
Pagefile.sys
answer
At startup, data and instruction code are moved in and out of this file to optimize the amount of physical RAM available during startup
question
partition
answer
a logical drive on a disk. It can be the entire disk or part of the disk
question
Partition Boot Sector
answer
the first data set of an NTFS disk. It starts at sector [0] of the disk drive and can expand up to 16 sectors
question
partition gap
answer
unused space or void between the primary partition and the first logical partition
question
personal identity information (PII)
answer
any information that can be used to create bank or credit card accounts, such as name, home address, Social Security number, and driver's licence number
question
physical addresses
answer
the actual sectors in which files are located. Sectors reside at the hardware and firmware level
question
private key
answer
in encryption, the key used to decrypt the file. The file owner keeps this
question
public key
answer
in encryption, the key used to encrypt a file; it's held by a certificate authority, such as a global registry, network server, or company such as VeriSign
question
RAM slack
answer
the unused space between the end of the file (EOF) and the end of the last sector used by the active file in the cluster. Any data residing in RAM at the time the file is saved, such as logon IDs and passwords, can appear in this area, whether the information was saved or not. This is found mainly in older Microsoft OSs.
question
recovery certificate
answer
a method NTFS uses so that a network administrator can recover encrypted files if the file's user/creator loses the private key encryption code
question
Registry
answer
a Windows database containing information about hardware and software configurations, network connections, user preferences, setup information, and other critical information
question
Resilient File System (ReFS)
answer
a new file system developed for Windows Server 2012. It allows increased scalability for disk storage and improved features for data recovery and error checking
question
sector
answer
a section on a track, typically made up of 512 bytes
question
track density
answer
the space between tracks on a disk. The smaller the space between tracks, the more tracks on a disk. Older drives with wider track densities allowed the heads to wander
question
tracks
answer
concentric circles on a disk platter where data is stored
question
unallocated disk space
answer
partition disk space that isn't allocated to a file. This space might contain data from files that have been deleted previously
question
Unicode
answer
a character code representation that's replacing ASCII. It's capable of representing more than 64,000 characters and non-European-based languages
question
UTF-8 (Unicode Transformation Format)
answer
one of three formats Unicode uses to translate languages for digital representation
question
virtual cluster number (VCN)
answer
When a large file is saved in NTFS, it's assigned a logical cluster number specifying a location on the partition. Large files are referred to as nonresident files. If the disk is highly fragmented, VCNs are assigned and list the additional space needed to store the file. The LCN is a physical location on the NTFS partition; VCNs are the offset from the previous LCN data run
question
virtual hard disk (VHD)
answer
a file representing a system's hard drive that can be booted in a virtualization application and allows running a suspect's computer in a virtual environment
question
virtual machines
answer
emulated computer environments that simulate hardware and can be used for running OSs separate from the physical (host) computer. For example, a computer running Windows Vista could have a virtual Windows 98 OS, allowing the user to switch between OSs.
question
wear-leveling
answer
an internal firmware feature used in solid-state drives that ensures even wear of read/writes for all memory cells
question
zone bit recording (ZBR)
answer
the method most manufacturers use to deal with a platter's inner tracks being shorter than the outer tracks. Grouping tracks by zones ensures that all tracks hold the same amount of data