IFSM 310
Software and Hardware Concepts
"You have to be a real stud hombre cybermuffin to handle 'Windows'"
- Dave Barry
Topics
A+ Demo: Windows XP
A+ OS Domain 2.0
Chapter 12: File and Secondary Storage Management
Tech Tales
A customer was having problems
reading some files from a floppy. We
asked her to mail us a copy of the
floppy.
Three days later we got the copy of the
floppy... A Xerox copy of the floppy.
A+ Demo
Installing
Windows XP
Windows XP
Blank Hard Drive
Boot from XP CD
A+ OS Domain 2.0
Installation,
Configuration, and
Upgrading
2.1 Identify the procedure for installing Windows OS, and bringing the OS to a basic operational level.
Windows 9x/ME
Windows NT 4.0
Windows 2000
Windows XP
System
HW
Before you Install
System meet minimum requirements?
Hardware compatibility?
Hardware Compatibility List
Fresh Install or Upgrade?
Installation Type
Partitions
Primary - Bootable
Extended - Logical Drives
Which File System?
FAT16, FAT32, NTFS
Drive letters
Primary Partitions get assigned
letters first
Can be specified in Win2K
Drive 1
Drive 2
Primary
C:
D:
Extended
E:
G:
Extended
F:
Installation Methods
Bootable CD
Boot Floppies
Network Installation
Drive Imaging
Ghost, Drive Image
Installation Process - Win9x
Pre-File Copy Phase
Installation Type
File Copy Phase
Detection Phase
Configuring System Settings
setuplog.txt
detcrash.log (detlog.txt)
Installation Process - Win2k
Boot from CD
Partition the Drives
File Copy
Setup - Product Key
Network Configuration
Booting
Post Installation
Install Anti-virus software
Update Signatures
Windows Update
Security patches
System Updates
Driver Updates
2.2 Upgrading Windows
Not really recommended
Start with clean install if possible
Applications are preserved
Have backup - not always possible to
uninstall
Upgrade Paths
Upgrade Issues
System meet minimum requirements?
Hardware compatibility?
Hardware Compatibility List
Application Compatibility
2.3 Booting Windows
Boot Sequence
Boot Modes
Boot Disks
Emergency Repair Disks
Win 9x Booting Sequence
Boot Sector
IO.SYS
MSDOS.SYS
DRVSPACE.BIN
SYSTEM.DAT
USER.DAT
CONFIG.SYS
AUTOEXEC.BAT
SYSTEM.INI
VMM32.VXD
WIN.COM
KERNEL32.DLL
GDI.EXE/GDI32.EXE
USER.EXE/USER32.DLL
WIN.INI
Startup Group
Startup Menu Options (F8 at boot)
Normal
Logged
Safe Mode (F5)
Safe Mode w/Network Support (F6)
Step-by-Step confirmation (Shift+F8)
Command Prompt Only (Shift+F5)
Safe Mode Command Prompt
Previous Version of DOS (F4)
Boot Disks
MS/DOS
Format a: /s
Windows 98
Control panel
Add / Remove Programs
Create Startup Disk
Windows 2000 Boot
True OS
BOOT.INI
NTLDR
NTDETECT.COM
NTOSKRNL.EXE
Boot Modes (F8 at Boot)
Normal
Safe Mode
Safe Mode with Network Support
Safe Mode with Command Prompt
Enable boot logging
Enable VGA Mode
Last Known Good Configuration
Debugging mode
Creating a W2K Boot Disk
On the install CD
\bootdisk\makeboot a:
Better to boot from CD
Repair options
Emergency Repair Disk
Contains configuration info
Contain current information
Update when changes made
Create using W2k Backup
Select Emergency Repair Disk
Dual Booting
Multiple versions of Windows on same system
Select a different location to install Windows
2.4 Installing Device Drivers
Mostly Plug and Play
New Hardware Wizard
Printing Subsystem
Loading Drivers on Startup
At boot, Windows compares current
configuration to what is in the registry
If new device, find driver
If driver not found, prompt
Reinstalling / Replacing Drivers
Updated driver
new capability, bug fixes
Control Panel
System
Hardware
Device Manager
Driver Issues
Digital Signatures
Installing Applications
Windows Components
Add/Remove Software
Windows Setup tab
May require CD
Third party Software
Setup Program
MS/DOS - Modify PIF file
Windows Printing Subsystem
Installing a Printer
Add Printer Icon
Printer Properties
Spooling
Network printing
Shared - system must be online
2.5 Identify procedures necessary to
optimize the OS and major OS
subsystems.
Virtual Memory Management
Disk Defragmentation
Files and Buffers
Caches
Temporary file management
Chapter 12
File and Secondary
Storage Management
File Management Systems
• Collection of system software that manages all aspects of user and program access to secondary storage
• Usually part of the operating system
• Translates operations into commands to physical storage devices
• Implemented in four layers (command layer, file control, storage I/O control, and secondary storage devices)
Bridges between logical and physical views of secondary storage
Allocates secondary storage locations to individual files and directories
Includes software modules for device drivers for each storage device or device controller, interrupt handlers, buffers and cache managers
Logical and Physical Storage Views
• Logical view
– Collection of files organized within directories and storage volumes
• Physical view
– Collection of physical storage locations organized as a linear address space
The file is subdivided into multiple records and each record is composed of multiple fields.
File Content and Type
• FMS supports limited number of file types:
– Executable programs
– Operating system commands
– Textual or unformatted binary data
• Modern FMSs can define new file types and install utility programs to manipulate them (file association)
File Types
• Normally declared when a file is created and:
– Stored within a directory, or
– Declared through a filename convention
• Determine:
– Physical organization of data items and data structures within secondary storage
– Operations that may be performed upon the file
– Filename restrictions
Hierarchical Directory Structure
• Contain information about files and other directories, typically name, file type, location, size, ownership, access controls, and time stamps
• Directories can contain other directories, creating a tree structure, but cannot be contained within more than one parent
• Ways that names of access paths can be specified:
– Complete path (fully qualified reference)
– Relative path
Active (working) directory
Graph Directory Structure
• More flexible than hierarchical directory structure
– Files and subdirectories can be contained within multiple directories
– Directory links can form a cycle
Storage Allocation
• Secondary storage devices
– Large number of storage locations; low frequency of allocation changes
– Divided into allocation units
Allocation Units
• Smallest number of secondary storage bytes that can be allocated to a file; cannot be smaller than unit of data transfer between storage device and controller (block)
• Assigned/reclaimed by FMS as files and directories are created, expanded, shrunk, or deleted
• Size difficult to change once set
Allocation Unit Size
• Tradeoffs
– Efficient use of secondary storage space for files
– Size of storage allocation data structures
– Efficiency of storage allocation procedures
• Smaller units: More efficient use of storage space
• Larger units: Allow smaller storage allocation data structures
Storage Allocation Tables
• Data structures that record which allocation units are free and which belong to files
• Format and content vary across FMSs
• Can contain linked lists in simpler FMSs or indices or other complex data structures in more complex FMSs
Free allocation units are assigned to a hidden system file called SysFree.
All of a file’s allocation units are “chained” together in sequential order by a series of pointers.
Blocking
• Logical record grouping within physical records
• Described by a numeric ratio of logical records to physical records (blocking factor)
Blocking factor = 4:3
Blocking factor = 2:3
Buffering
• Temporary storage of data as it moves between programs and secondary storage devices
– Physical records are stored in the buffer as they are read from secondary storage
– FMS extracts logical records from buffers and copies them to data area of the application program
• Each buffer is the size of one allocation unit
• Improves I/O performance if enough are used
File Manipulation
• Exact set of service layer functions varies among FMSs, but typically includes create, copy, move, delete, read, and write
• Application programs interact directly with FMS through OS service layer
• Users interact indirectly with FMS through command layer
File Open and Close Operations
• File open
– Causes FMS to find the file, verify access privileges, allocate buffers, and update internal table of open files
• File close
– Causes FMS to flush buffer content to the storage device, release buffers, update file time stamps, and update table of open files
Delete and Undelete Operations
• Delete
– Does not immediately remove files; some content remains on secondary storage until all allocation units have been reassigned and overwritten
– File content can be visible to intruders
• Undelete
– Can be used to reconstruct directory and storage allocation table contents
Forensic Demo
Recovering Data
from Disks
Examining a Disk - FTK Imager
Page / Acquire / FTK Imager
Start Imager
Let's Start with a blank floppy
Start with clean Floppy
Copy accountinfo.txt to A:
Overwrite it
Delete it
Wipe
This program will do a secure wipe.
3 passes: FF, Random, 00
Page / Incident Response / Misc Tools
Command Shell
wipe \\.\a:
To use disk again, need to format it.
Erasing Hard Drives - Step 1
Erasing Hard Drives - Step 2
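The delete, undelete and wipe behaviour covered above can be reproduced in a small model. This is an added example, not code from the course, FTK Imager or the wipe tool; `ToyFMS`, its 16-byte allocation unit and the method names are hypothetical, and unlike many real file systems it leaves the pointer chain intact after a delete.

```python
import os
UNIT = 16  # bytes per allocation unit (constructed toy value)

class ToyFMS:
    """Hypothetical toy FMS: directory, chained allocation table, raw disk."""
    def __init__(self, units=8):
        self.disk = bytearray(units * UNIT)  # physical view: linear bytes
        self.chain = {}                      # unit -> next unit (None = end)
        self.free = list(range(units))       # free allocation units
        self.directory = {}                  # live entries: name -> (first, size)
        self.deleted = {}                    # stale entries kept after delete

    def units_of(self, first):
        units = []
        while first is not None:
            units, first = units + [first], self.chain[first]
        return units

    def create(self, name, data):
        need = max(1, -(-len(data) // UNIT))  # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        units = [self.free.pop(0) for _ in range(need)]
        for i, u in enumerate(units):
            chunk = data[i * UNIT:(i + 1) * UNIT]
            self.disk[u * UNIT:u * UNIT + len(chunk)] = chunk  # slack is kept
            self.chain[u] = units[i + 1] if i + 1 < need else None
        self.directory[name] = (units[0], len(data))

    def delete(self, name):
        # Metadata only: units return to the free list, bytes stay on disk.
        self.deleted[name] = self.directory.pop(name)
        self.free = sorted(self.free + self.units_of(self.deleted[name][0]))

    def undelete(self, name):
        first, size = self.deleted[name]
        units = self.units_of(first)
        if not set(units) <= set(self.free):
            raise OSError("allocation units already reassigned")
        self.free = [u for u in self.free if u not in units]
        self.directory[name] = self.deleted.pop(name)
        return b"".join(self.disk[u * UNIT:(u + 1) * UNIT] for u in units)[:size]

    def wipe(self):
        n = len(self.disk)
        for pattern in (b"\xff" * n, os.urandom(n), bytes(n)):  # FF, random, 00
            self.disk[:] = pattern
        self.chain, self.directory, self.deleted = {}, {}, {}
        self.free = list(range(n // UNIT))
```

Writing a shorter file over a deleted one leaves the tail of the old record in the slack of the last allocation unit, which is why a raw image can still show content that the directory no longer lists.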
Access Controls
• Granted by file owners and system administrators for reading, writing, and executing files
• Provide security at the expense of additional FMS overhead
File Backup
• Protects against data loss (file content, directory content, and storage allocation tables)
• Store backup copies on a different storage device in a different physical location
• Manual or automatic
• Full or incremental
Transaction Logging
• Automatically records all changes to file content and attributes in a separate storage area; also writes them to the file’s I/O buffer
• Provides high degree of protection against data loss due to program or hardware failure
• Imposes a performance penalty; used only when costs of data loss are high
File Recovery
• Automated and manual components
• Can search backup logs for copies of lost or damaged files
• Can perform consistency checking and repair procedures for crashed system or physically damaged storage device
Fault Tolerance
• Methods of securing file content against hardware failure
– File backup
– Recovery
– Transaction logging
– Mirroring
– RAID (Redundant Array of Inexpensive Disks)
Mirroring
• All disk write operations are made concurrently to two different storage devices
• Provides high degree of protection against data loss with no performance penalty if implemented in hardware
• Disadvantages
– Cost of redundant disk drives
– Higher cost of disk controllers that implement mirroring
RAID
• Disk storage technique that improves performance and fault tolerance
• All levels except RAID 1 use data striping
– Breaks a unit of data into smaller segments and stores them on multiple disks
• Multiple levels can be layered to combine their best features (e.g. RAID 10)
• Can be implemented in hardware or software
RAID 0 - Data striping: Each segment is written in parallel to a separate disk.
RAID 4 - If the parity disk fails, the other disks still retain their original data bits.
RAID 10: Mirrors individual disks (RAID 1), then stripes data (RAID 0) across multiple mirrored pairs.
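RAID 4 striping and parity recovery as an added example, not part of the original slides. The function names, the 4-byte segment size and the three-data-disk layout are assumptions chosen for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def raid4_write(data, data_disks=3, seg=4):
    """Stripe data in seg-byte segments; the last disk holds parity only."""
    stripe = data_disks * seg
    data += bytes(-len(data) % stripe)        # zero-pad to whole stripes
    disks = [bytearray() for _ in range(data_disks + 1)]
    for off in range(0, len(data), stripe):
        segs = [data[off + i * seg:off + (i + 1) * seg] for i in range(data_disks)]
        for disk, s in zip(disks, segs):      # one segment per data disk
            disk += s
        disks[-1] += xor_blocks(segs)         # parity segment for this stripe
    return [bytes(d) for d in disks]

def raid4_read(disks, length, seg=4):
    """Reassemble the data; one entry of disks may be None (failed disk)."""
    disks = list(disks)
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise ValueError("RAID 4 tolerates only one failed disk")
    if failed and failed[0] != len(disks) - 1:
        # Lost data disk = XOR of the surviving data disks and parity.
        survivors = [d for d in disks if d is not None]
        disks[failed[0]] = xor_blocks(survivors)
    data = disks[:-1]   # a failed parity disk costs no data at all
    out = bytearray()
    for off in range(0, len(data[0]), seg):
        for d in data:
            out += d[off:off + seg]
    return bytes(out[:length])
```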
Storage Consolidation
Storage Area Network (SAN)
• High-speed interconnection among general-purpose servers and one or more storage servers
• Block-oriented access
• Common in multi-server environments with mainframes or supercomputers and substantial overlap among server storage needs
• Expensive to purchase and administer, but avoid costs of duplicate storage and storage administration
Network-Attached Storage (NAS)
• Dedicated to managing one or more file systems
• Accessed by other servers and clients over a local or wide area network
• File-oriented access
• Common when geographically dispersed servers need access to a common file system
• Cheaper to acquire than SAN, but at the price of lower performance