Windows
A file system used initially with Windows, designed for small disks with simple folder structures. Stores all files at the beginning of the volume
What is FAT? (File Allocation System)
Current file system that provides with a better scale and reliability than previous file system and replaces block mapping scheme to increase performance and reduce fragmentation
What is Ext4?
Fourth Extended File System
Name a parent OS that Linux and Mac OS is based of
What is UNIX?
Software and contains file extension association information and also programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data.
What is HKEY_CLASSES_ROOT?
All user level logs
/var/log/user.log
High-performance, a self-repairing file system with advanced features like file-level security, compression, and auditing. Supports larger and more powerful volume storage solutions like RAID. Can encrypt/decrypt data, uses 16-bit Unicode for multi-language support, maintains fault tolerance via a backup log file. Introduces concept of metadata and master file tables. Supports files up to 16GB. Uses MFT (relational database) for file attributes like size, time, date, permissions, and contents.
What is NTFS?
New Technology File System
Files not preserved between system reboots, and may be severely size restricted.
What is /tmp?
A primary file system in Macintosh
What is HFS+? (Hierarchical File System Plus)
Contains the configuration information related to the user currently logged on. Wallpaper, screen colors, display settings, etc..
HKEY_CURRENT_USER
Recent login information
/var/log/lastlog
Windows database that has all settings for all users and more information on the system.
What is Windows Registry?
Essential command binaries that need to be available in single user mode; for all users, e.g., cat, ls, cp.
What is /bin?
All logs stored here
What is var/log?
Contains most of the configuration information for installed software which includes the Windows OS as well, and the information about the physical state of the computer which includes bus type, installed cards, memory type, startup control parameters and device drives.
HKEY_LOCAL_MACHINE
Failed user login attempts
/var/log/faillog
OS uses as the virtual memory extension of a computer’s real memory (RAM)
What is a Page File?
All logs stored here
What is /var/log?
All deleted files go there
What is .Trash?
Contains information about all the currently active user profiles on the computer.
HKEY_USERS
Package installation or removal logs
/var/log/dpkg.log
When a user installs an application, runs it, and deletes it , traces of that application can be found in __
What is Prefetch Information?
OS uses as the virtual memory extension of a computer’s real memory (RAM)
What is Swap Space?
Original Mac OS disk copy tool
What is Target Disk Mode
Stores information about the current hardware profile of the system.
HKEY_CURRENT_CONFIG
Kernel ring buffer information
/var/log/dmesg