2.2 PC Introduction

Digital Forensics Lab Walkthrough â‹… 2 Basic Computer Skills for Digital Forensics â‹… 2.2 PC Introduction


Computer Systems

A computer system can be broken down into four layers.

  1. User: The person or program that interacts with the computer

  2. Applications:

  3. Operating system:

  4. Device or computer hardware:

When a user takes an action, the effects of that action trickles down to the other three layers. As a result, evidence of that action is generated at each layer.

A computer can be broken down into many parts, as shown in the diagram below. The most important parts of a computer for digital forensic practitioner are the drive bayes, RAM, and CPU.

[TODO: insert image here]

We can check out information about a Windows system in the command line using the systeminfo command. TODO.

How Do Computer Systems Work?

Why is Computer Forensics Hard?

Computer forensics is difficult and complex.

Technical difficulties OS: different OS types, versions, complexity of OS Applications: many applications, different version of applications Hardware: CPU, GPU, camera

Ever-advancing technology: e.g., database changes, SSD vs HDD, EV car A complex and connected world IoT devices: Alex, Camera, Fitbit, Smart Phone Information explosion too much information, different type of evidence how to collect, analyze, validate them systematically?

Skilled computer forensic practitioners understand not only computer science and security, but also criminal justice and law.

Hard Disk Drives

Calculating Disk Partitions

PC Boot Process

File Systems


Last updated