Windows 9X / ME

CSC414 Computer System Fundamentals

Forensic Overview: Win95 to Win98 and WinME

Digital Forensics Center
Department of Computer Science and Statistics
THINK BIG WE DO
URI
http://www.forensics.cs.uri.edu

Windows 9x / ME

Editions covered in this lecture:
- Windows 95
- Windows 95b
  - Windows 95 OEM Service Release 2 (OSR2)
  - Not available for purchase, pre-installed by manufacturer
- Windows 98
- Windows 98SE
- Windows ME (Millennium Edition)

Windows is an operating system by itself
- Does not need DOS underneath

File System

Windows 95
- Virtual FAT (VFAT)
- FAT16 with long filename support
- People used more descriptive and accurate file names

Windows 95b (OSR2)
- Introduced FAT32
- Larger partitions and better use of disk space
- Up to 2 TB addressable in single partition

Forensic Issues
- More data to analyze!
- DOS 6.22 boot diskette cannot read FAT32 file systems
- Need WIN95 OSR2 or later boot diskette for FAT32

System Features

Plug and Play
- Easier to restore an image of a seized computer on different hardware
- Different drivers are needed for support on other systems
- Easier with "Add new hardware wizard"
- Can reconfigure system automatically

Registry introduced
- Settings about the computer and programs
- Gold mine of forensic information

User profiles
- Multiple users on a computer
- Can determine which user downloaded files or ran a program

User Interface

Start Menu
- Program Groups
  - Quick list of many installed programs
- Recent Document Groups
  - Useful in retracing steps in the use of the computer
- Start-up Group
  - Can be run when computer starts up
  - Programs for clearing Internet cache
  - Auto clean utilities that run automatically on start or shutdown

User Interface

Shortcuts
- .lnk file
- links any programs and files
- can indicate frequently used programs, files and web sites

Internet Explorer
- Lots of good forensic information
- Favorites, Typed URLs, History, Cache, Cookies
- Typed URLs show intent
- Many ways to show where they have been

Many additional user activity files available
- index.dat files, though binary, have information

Recycle Bin

User can mark files for deletion
- File is moved to the Recycle Bin
- Files are not deleted until Recycle Bin
  - is emptied
  - is full (based on number of bytes in Recycle Bin)
    - older files are deleted (FIFO)
    - can be set in Properties of Recycle Bin
- Users can restore files in Recycle Bin before it is emptied
- When user empties Recycle Bin
  - Only file directory entry is overwritten
  - File data still exists on the disk

Recycle Bin

When moved to Recycle Bin, a file is
- moved to the C:\Recycled directory
- renamed to a generic name
  - for example, readme.txt becomes DC1.txt
  - File extension stays same
- Windows Explorer does not show actual file name in Recycle Bin but shows original
- INFO2 file holds original file location info for restore purposes
- Moving a file does not change the sectors it uses on the disk
  - Only the name or the directory entry are changed

Networking

Networking more common and easier
- Mapped drives
- Remote data storage
- Permissions

Forensic Issues
- Where is the data?
  - Local, on-site or somewhere else
- Can cause warrant issues
  - Is a supplemental warrant required
  - If not sure, segregate data so that it is not co-mingled with data on the local drive
  - Prevents evidence being lost in a suppression hearing
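The Recycle Bin rename described above (readme.txt becomes DC1.txt, with INFO2 holding the original location) can be reversed by reading INFO2 directly. The Python parser below is an added example, not part of the lecture: the 20-byte header and 280-byte record layout are assumptions taken from the commonly documented Win9x/ME format, and the sample bytes are constructed.

```python
import ntpath
import struct
from datetime import datetime, timedelta, timezone

# Assumed layout (commonly documented for Win9x/ME INFO2, not from the slides):
# a 20-byte header of five little-endian DWORDs with the record size at
# offset 12, followed by fixed 280-byte records.
HEADER_SIZE = 20
RECORD = struct.Struct("<260sIIQI")  # ANSI path, index, drive no., FILETIME, size
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_info2(data):
    """Return one dict per INFO2 record, tying each DCn.ext name to its origin."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated INFO2 header")
    record_size = struct.unpack_from("<I", data, 12)[0]
    if record_size != RECORD.size:
        raise ValueError(f"unexpected record size {record_size}")
    if (len(data) - HEADER_SIZE) % record_size:
        raise ValueError("trailing partial record")

    entries = []
    for offset in range(HEADER_SIZE, len(data), record_size):
        raw_path, index, drive, filetime, size = RECORD.unpack_from(data, offset)
        if drive > 25:
            raise ValueError(f"drive number {drive} out of range")
        # The path field is NUL-padded ANSI text.
        path = raw_path.split(b"\x00", 1)[0].decode("cp1252", errors="replace")
        # Generic name in C:\Recycled: 'D' + drive letter + index + original extension.
        recycled = f"D{chr(ord('A') + drive)}{index}{ntpath.splitext(path)[1]}"
        entries.append({
            "recycled_name": recycled,
            "original_path": path,
            # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
            "deleted_utc": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
            "size_bytes": size,
        })
    return entries


def build_sample_info2():
    """Constructed sample: two deleted files on drive C: (drive number 2)."""
    header = struct.pack("<5I", 0, 0, 0, RECORD.size, 0)  # only record size matters here
    deleted = 125911584000000000  # FILETIME for 2000-01-01 00:00:00 UTC
    records = [
        (rb"C:\My Documents\readme.txt", 1, 2, deleted, 4096),
        (rb"C:\WINDOWS\Desktop\budget.xls", 2, 2, deleted, 20480),
    ]
    return header + b"".join(RECORD.pack(*r) for r in records)


if __name__ == "__main__":
    for entry in parse_info2(build_sample_info2()):
        print(f"{entry['recycled_name']:<10} {entry['deleted_utc']:%Y-%m-%d %H:%M:%S} "
              f"{entry['size_bytes']:>8}  {entry['original_path']}")
```

On real evidence, run it against a copy of C:\Recycled\INFO2 taken from the forensic image, never the live file.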