Saturday 24 December 2011

Understanding the Operating System is a must in Digital Forensics

Digital forensics trainers usually cover computer anatomy in their lectures, so that the individual components of a computer are clearly described to the students.

It is common for a computer exhibit to be disassembled during the preservation phase, because the hard disk has to be removed in order to image/duplicate it. The duplicated hard disk, rather than the original, is then analyzed for any information relevant to the case. This process alone shows why an understanding of computer anatomy is important.

Equally important is knowledge of the operating system at the kernel level. This is essential for a digital forensics analyst to perform well, because it makes the working relationship between the computer hardware and the software much easier to visualize.

The operating system can be divided into four functional areas, as follows.
1) Device management - handles access to the input and output devices required by the applications or processes running on the computer.
2) Memory management - apart from the operating system itself, applications and processes share the memory, and it is the task of the operating system to manage and control its allocation.
3) File system management - the information processed must be stored and organized in a proper manner on disk.
4) Process management - manages all processes by providing them with the resources they require. In a multitasking environment, many processes or applications run at the same time.