IFSM 310 Software and Hardware Concepts

"You have to be a real stud hombre cybermuffin to handle 'Windows'" - Dave Barry

Topics
- A+ Demo: Windows XP
- A+ OS Domain 2.0
- Chapter 12: File and Secondary Storage Management

Tech Tales
A customer was having problems reading some files from a floppy. We asked her to mail us a copy of the floppy. Three days later we got the copy of the floppy... A Xerox copy of the floppy.

A+ Demo
- Installing Windows XP

Windows XP
- Blank Hard Drive
- Boot from XP CD

A+ OS Domain 2.0
- Installation, Configuration, and Upgrading

2.1 Identify the procedure for installing Windows OS, and bringing the OS to a basic operational level.
- Windows 9x/ME
- Windows NT 4.0
- Windows 2000
- Windows XP

System HW

Before you Install
- System meet minimum requirements?
- Hardware compatibility?
  - Hardware Compatibility List
- Fresh Install or Upgrade?
- Installation Type
  - Typical, Custom, Laptop, Other

Partitions
- Primary - Bootable
- Extended - Logical Drives
- Which File System?
  - FAT16, FAT32, NTFS

Drive letters
- Primary Partitions get assigned letters first
- Can be specified in Win2K
- Drive 1: Primary C:, Extended E:, Extended F:
- Drive 2: Primary D:, Extended G:

Installation Methods
- Bootable CD
- Boot Floppies
- Network Installation
- Drive Imaging
  - Ghost, Drive Image

Installation Process - Win9x
- Pre-File Copy Phase
- Installation Type
- File Copy Phase
- Detection Phase
- Configuring System Settings
- setuplog.txt
- detcrash.log (detlog.txt)

Installation Process - Win2k
- Boot from CD
- Partition the Drives
- File Copy
- Setup - Product Key
- Network Configuration
- Booting

Post Installation
- Install Anti-virus software
  - Update Signatures
- Windows Update
  - Security patches
  - System Updates
  - Driver Updates

2.2 Upgrading Windows
- Not really recommended
- Start with clean install if possible
- Applications are preserved
- Have backup - not always possible to uninstall

Upgrade Paths

Upgrade Issues
- System meet minimum requirements?
- Hardware compatibility?
  - Hardware Compatibility List
- Application Compatibility
- Apply service packs, patches, updates

2.3 Booting Windows
- Boot Sequence
- Boot Modes
- Boot Disks
- Emergency Repair Disks

Win 9x Booting Sequence
- Boot Sector
- IO.SYS
- MSDOS.SYS
- DRVSPACE.BIN
- SYSTEM.DAT
- USER.DAT
- CONFIG.SYS
- AUTOEXEC.BAT
- SYSTEM.INI
- VMM32.VXD
- WIN.COM
- KERNEL32.DLL
- GDI.EXE/GDI32.EXE
- USER.EXE/USER32.DLL
- WIN.INI
- Startup Group

Startup Menu Options (F8 at boot)
- Normal
- Logged
- Safe Mode (F5)
- Safe Mode w/network Support (F6)
- Step-by-Step confirmation (Shift+F8)
- Command Prompt Only (Shift+F5)
- Safe Mode Command Prompt
- Previous Version of DOS (F4)

Boot Disks
- MS/DOS
  - Format a: /s
- Windows 98
  - Control Panel > Add / Remove Programs > Create Startup Disk

Windows 2000 Boot
- True OS
- BOOT.INI
- NTLDR
- NTDETECT.COM
- NTOSKRNL.EXE

Boot Modes (F8 at Boot)
- Normal
- Safe Mode
- Safe Mode with Network Support
- Safe Mode with Command Prompt
- Enable boot logging
- Enable VGA Mode
- Last Known Good Configuration
- Debugging mode

Creating a W2K Boot Disk
- On the install CD
  - \bootdisk\makeboot a:
- Better to boot from CD
  - Repair options

Emergency Repair Disk
- Contains configuration info
- Contains current information
  - Update when changes made
- Create using W2k Backup
  - Select Emergency Repair Disk

Dual Booting
- Multiple versions of Windows on same system
- Select a different location to install Windows

2.4 Installing Device Drivers
- Mostly Plug and Play
- New Hardware Wizard
- Printing Subsystem

Loading Drivers on Startup
- At boot, Windows compares current configuration to what is in the registry
- If new device, find driver
- If driver not found, prompt

Reinstalling / Replacing Drivers
- Updated driver: new capability, bug fixes
- Control Panel > System > Hardware > Device Manager

Driver Issues
- Digital Signatures

Installing Applications
- Windows Components
  - Add/Remove Software
  - Windows Setup tab
  - May require CD
- Third party Software
  - Setup Program
- MS/DOS - Modify PIF file

Windows Printing Subsystem
- Installing a Printer
  - Add Printer Icon
- Printer Properties
- Spooling
- Network printing
  - Shared - system must be online

2.5 Identify procedures necessary to optimize the OS and major OS subsystems.
- Virtual Memory Management
- Disk Defragmentation
- Files and Buffers
- Caches
- Temporary file management

Chapter 12
File and Secondary Storage Management

File Management Systems
- Collection of system software that manages all aspects of user and program access to secondary storage
- Usually part of the operating system
- Translates operations into commands to physical storage devices
- Implemented in four layers (command layer, file control, storage I/O control, and secondary storage devices)

Logical and Physical Storage Views
- Bridges between logical and physical views of secondary storage
- Logical view
  - Collection of files organized within directories and storage volumes
- Physical view
  - Collection of physical storage locations organized as a linear address space
- Allocates secondary storage locations to individual files and directories
- Includes software modules for device drivers for each storage device or device controller, interrupt handlers, buffers and cache managers

File Content and Type
- FMS supports limited number of file types:
  - Executable programs
  - Operating system commands
  - Textual or unformatted binary data
- Modern FMSs can define new file types and install utility programs to manipulate them (file association)

File Types
- Normally declared when a file is created and:
  - Stored within a directory, or
  - Declared through a filename convention
- Determine:
  - Physical organization of data items and data structures within secondary storage
  - Operations that may be performed upon the file
  - Filename restrictions

[Figure: The file is subdivided into multiple records and each record is composed of multiple fields.]

Hierarchical Directory Structure
- Contain information about files and other directories, typically name, file type, location, size, ownership, access controls, and time stamps
- Directories can contain other directories, creating a tree structure, but cannot be contained within more than one parent
- Ways that names of access paths can be specified:
  - Complete path (fully qualified reference)
  - Relative path
- Each storage device has a root directory

Graph Directory Structure
- More flexible than hierarchical directory structure
- Files and subdirectories can be contained within multiple directories
- Directory links can form a cycle

Storage Allocation
- Secondary storage devices
  - Large number of storage locations; low frequency of allocation changes
  - Divided into allocation units
- Active (working) directory

Allocation Units
- Smallest number of secondary storage bytes that can be allocated to a file; cannot be smaller than unit of data transfer between storage device and controller (block)
- Assigned/reclaimed by FMS as files and directories are created, expanded, shrunk, or deleted
- Size difficult to change once set

Allocation Unit Size Tradeoffs
- Efficient use of secondary storage space for files
- Size of storage allocation data structures
- Efficiency of storage allocation procedures
- Smaller units: More efficient use of storage space
- Larger units: Allow smaller storage allocation data structures

Storage Allocation Tables
- Data structures that record which allocation units are free and which belong to files
- Format and content vary across FMSs
- Can contain linked lists in simpler FMSs or indices or other complex data structures in more complex FMSs

[Figure: Free allocation units are assigned to a hidden system file called SysFree. All of a file's allocation units are chained together in sequential order by a series of pointers.]

Blocking
- Logical record grouping within physical records
- Described by a numeric ratio of logical records to physical records (blocking factor)

[Figure: Blocking factor = 4:3]

Buffering
- Temporary storage of data as it moves between programs and secondary storage devices
- Physical records are stored in the buffer as they are read from secondary storage
- FMS extracts logical records from buffers and copies them to data area of the application program
- Each buffer is the size of one allocation unit
- Improves I/O performance if enough are used

[Figure: Blocking factor = 2:3]

File Manipulation
- Exact set of service layer functions varies among FMSs, but typically includes create, copy, move, delete, read, and write
- Application programs interact directly with FMS through OS service layer
- Users interact indirectly with FMS through command layer

File Open and Close Operations
- File open
  - Causes FMS to find the file, verify access privileges, allocate buffers, and update internal table of open files
- File close
  - Causes FMS to flush buffer content to the storage device, release buffers, update file time stamps, and update table of open files

Delete and Undelete Operations
- Delete
  - Does not immediately remove files; some content remains on secondary storage until all allocation units have been reassigned and overwritten
  - File content can be visible to intruders
- Undelete
  - Can be used to reconstruct directory and storage allocation table contents

Forensic Demo
- Recovering Data from Disks

Examining a Disk - FTK Imager
- Page / Acquire / FTK Imager
- Start Imager

Let's Start with a blank floppy
- Start with clean Floppy
- Copy accountinfo.txt to A:
- Overwrite it
- Delete it
- Format it (Quick)
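
An added example, not part of the original slides: a toy file management system in Python that shows why the delete and quick-format steps of the floppy demo leave file content recoverable, and what a three-pass overwrite (FF, random, 00) changes. The `ToyVolume` class, the 16-byte allocation unit and the file content are constructed for illustration.

```python
import os

UNIT = 16            # allocation unit size in bytes (constructed toy value)
FREE, EOF = -1, -2   # table markers: unit is free / last unit of a file

class ToyVolume:     # toy FMS: directory, chained allocation table, raw storage
    def __init__(self, units=8):
        self.data = bytearray(units * UNIT)
        self.table = [FREE] * units
        self.directory = {}                      # name -> first unit

    def create(self, name, content):
        need = max(1, -(-len(content) // UNIT))  # ceiling division
        free = [i for i, t in enumerate(self.table) if t == FREE][:need]
        if len(free) < need:
            raise OSError("volume full")
        for pos, unit in enumerate(free):
            chunk = content[pos * UNIT:(pos + 1) * UNIT]
            self.data[unit * UNIT:unit * UNIT + len(chunk)] = chunk
            self.table[unit] = free[pos + 1] if pos + 1 < need else EOF
        self.directory[name] = free[0]

    def delete(self, name):
        """Drop the directory entry and free the chain; data is untouched."""
        unit = self.directory.pop(name)
        while unit != EOF:
            nxt, self.table[unit] = self.table[unit], FREE
            unit = nxt

    def quick_format(self):  # rebuilds directory and table only; data untouched
        self.directory.clear()
        self.table = [FREE] * len(self.table)

    def wipe(self):
        """Whole-volume overwrite in three passes: FF, random, 00."""
        n = len(self.data)
        for pattern in (b"\xff" * n, os.urandom(n), bytes(n)):
            self.data[:] = pattern
        self.quick_format()                      # volume needs formatting again

def demo():
    vol, secret = ToyVolume(), b"balance=1200.00"
    vol.create("accountinfo.txt", b"acct=4417 " + secret)   # constructed sample
    vol.delete("accountinfo.txt")
    after_delete = secret in vol.data            # raw image still holds it
    vol.quick_format()
    after_format = secret in vol.data
    vol.wipe()
    return after_delete, after_format, secret in vol.data
```

The model covers only the overwrite of the raw storage image; on flash media, wear levelling can keep copies that an overwrite never reaches.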

Wipe
- This program will do a secure wipe.
- 3 passes: FF, Random, 00

Erasing Hard Drives - Step 1

Erasing Hard Drives - Step 2
- Page / Incident Response / Misc Tools
- Command Shell
- wipe \\.\a:
- To use disk again, need to format it.

Access Controls
- Granted by file owners and system administrators for reading, writing, and executing files
- Provide security at the expense of additional FMS overhead

File Backup
- Protects against data loss (file content, directory content, and storage allocation tables)
- Store backup copies on a different storage device in a different physical location
- Manual or automatic
- Full or incremental

Transaction Logging
- Automatically records all changes to file content and attributes in a separate storage area; also writes them to the file's I/O buffer
- Provides high degree of protection against data loss due to program or hardware failure
- Imposes a performance penalty; used only when costs of data loss are high

File Recovery
- Automated and manual components
- Can search backup logs for copies of lost or damaged files
- Can perform consistency checking and repair procedures for crashed system or physically damaged storage device

Fault Tolerance
- Methods of securing file content against hardware failure
  - File backup
  - Recovery
  - Transaction logging
  - Mirroring
  - RAID (Redundant Array of Inexpensive Disks)

Mirroring
- All disk write operations are made concurrently to two different storage devices
- Provides high degree of protection against data loss with no performance penalty if implemented in hardware
- Disadvantages
  - Cost of redundant disk drives
  - Higher cost of disk controllers that implement mirroring

RAID
- Disk storage technique that improves performance and fault tolerance
- All levels except RAID 1 use data striping
  - Breaks a unit of data into smaller segments and stores them on multiple disks
- Multiple levels can be layered to combine their best features (e.g. RAID 10)
- Can be implemented in hardware or software

[Figure: RAID 0 - Data striping: Each segment is written in parallel to a separate disk.]

[Figure: RAID 4 - If the parity disk fails, the other disks still retain their original data bits.]

[Figure: RAID 10: Mirrors individual disks (RAID 1), then stripes data (RAID 0) across multiple mirrored pairs.]

Storage Consolidation

Storage Area Network (SAN)
- High-speed interconnection among general-purpose servers and one or more storage servers
- Block-oriented access
- Common in multi-server environments with mainframes or supercomputers and substantial overlap among server storage needs
- Expensive to purchase and administer, but avoid costs of duplicate storage and storage administration

Network-Attached Storage (NAS)
- Dedicated to managing one or more file systems
- Accessed by other servers and clients over a local or wide area network
- File-oriented access
- Common when geographically dispersed servers need access to a common file system
- Cheaper to acquire than SAN, but at the price of lower performance

Parting Thought
"The danger from computers is not that they will eventually get as smart as men, but that we will meanwhile agree to meet them halfway." - Bernard Avishai

End of Lesson