Forensic Investigator, Part 03 of 10: Hard Disks and File Systems

Course description

When conducting a forensic investigation, you will be looking for potential evidence that can be used in the court of law to support charges against a criminal. This evidence will be located somewhere on a device, likely on a hard disk or in the files systems. Discover the physical make-up of hard disk drives and solid state drives, and explore the logical file system where the data is actually located on the drive. Additionally, examine partitions and the booting processes for the three major operating systems: Windows, Linux, and Mac OS X. This course is part of a series covering the EC-Council Computer Hacking Forensic Investigator (CHFI).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.

Prerequisites

Recommended: Understanding of networking; How data flows from source and destination Computer security basics such as passwords, encryption and physical security Basic understanding of computing and computer systems Experience with various operating systems

Meet the expert

David Bigger

David Bigger is the lead trainer at Bigger IT Solutions. He has been information technology for a little over 20 years and has been training all over the US. He has worked with companies like US Military, Lockheed Martin, General Dynamics, Dominos Pizza, University of Utah and Expedia

Video Runtime

60 Minutes

Time to complete

80 Minutes

Course Outline

Hard Disks and File Systems

Hard Disks (24:31)

• Introduction (00:24)
• Hard Disks and File Systems (00:48)
• Hard Drive or Disk (02:12)
• Hard Drive Structure (00:54)
• HDD - Hard Drvie Disk (03:10)
• SSD - Solid State Drive (03:00)
• Physical Structure (02:20)
• Clusters (00:40)
• Slack Space (01:32)
• Some Hard Disk Terms (01:05)
• Interfaces and Connections (02:13)
• RAID (05:49)
• Summary (00:18)

File Systems (24:45)

• Introduction (00:27)
• File Systems (00:31)
• Partitions (05:26)
• MBR vs. GPT (02:58)
• File Systems (01:18)
• Windows File Systems (00:40)
• FAT or FAT16 (02:21)
• FAT32 (01:04)
• NTFS (00:37)
• NTFS Cluster Size (01:14)
• NTFS Master File Table (01:09)
• Linux File Systems (01:00)
• Linux File System - Ext (00:34)
• Linux File System - Ext2 (00:40)
• Linux File System - Ext3 (00:53)
• Linux File System - Ext4 (00:49)
• Apple File Systems (00:11)
• HFS (01:14)
• HFS+ (01:13)
• Summary (00:19)

Booting (11:06)

• Introduction (00:22)
• The Boot Process (01:34)
• Windows Boot Process (01:39)
• Windows Boot Process - BIOS (02:54)
• Windows Boot Process - MBR (00:34)
• Windows Boot Process - UEFI (01:28)
• Linux Boot Process (00:43)
• Mac Boot Process (01:28)
• Summary (00:20)