Cheatography
https://cheatography.com
A revision guide to prepare for the Cyber Crimes and Digital Forensics Exam.
This is a draft cheat sheet. It is a work in progress and is not finished yet.
Internal Components of a HDD
A hard disk drive (HDD) is a magnetic storage device used for persistence data storage. |
Acronym: |
PCTHA |
Please Carry These Super Small Heavy Apples! |
Physical Components: |
- |
Platter: |
Circular disks coated with magnetic material where data is stored magnetically on both sides. |
- |
Cylinders |
A set of tracks on all platters that are at the same radial distance from the spindle. |
|
Tracks: |
The circular paths where data is magnetically stored and read. |
- |
Sectors: |
Pie-shaped divisions on a track that are the smallest unit of data storage, typically 512 bytes. |
- |
Spindle: |
The central axis around which the platters rotate. |
- |
Heads: |
Read/write mechanisms (one for each side of each platter) that move across the platter surface to access data. Data is read from and written to both sides of the platter simultaneously. |
- |
Actuator Arms: |
Mechanical arms that move the heads to the correct radial position (cylinder) on the platters. |
Calculating CHS
Cylinders, Heads, Sectors (CHS): |
A method of addressing data on HDDs based on their physical structure |
Components involved: |
- |
Cylinders: |
Represents concentric tracks across all platter surfaces. |
|
Platters: |
Correspond to each readable surface of a platter (two heads per platter). |
|
Sectors: |
Wedge-like segments within a track that store data. |
Formula for calculating HDD capacity using CHS: |
- |
Cylinders x Platters x Sectors x Sector Size (512 bytes) = Total Bytes. |
Example: |
Cylinders(50) x Platters (5) x Sectors (10) x Sector Size 512 bytes) |
|
50 x (5 x 2) x 10 x 512 |
Each platter has two sides, so we multiply it by 2. |
|
Capacity = 2,560,000 bytes |
Difference between Sectors and Clusters
Sectors: |
The smallest physical storage unit on a disk, with a fixed size, typically 512 bytes |
Clusters: |
The smallest logical unit of disk space that is allocated to hold a file by the file system. |
A cluster consists of one or more contiguous sectors |
File systems use clusters for efficiency in managing disk space, as they don't have to track every individual sector for file allocations |
The allocation unit size during formatting determines cluster size. |
Live files, Slack space, Unallocated space
Live files: |
Files that are currently present in the file system and accessible |
Slack space: |
The unused space within the last cluster allocated to a file. |
|
Since files rarely perfectly fill a cluster, the remaining space might contain fragments of previously deleted files (drive slack) or remnants of data from RAM (RAM slack) |
Unallocated space: |
The portion of the hard drive that is not currently assigned to any file or partition. |
|
When a file is "deleted," only its entry in the file system is removed, but the data often remains in the unallocated space until overwritten by new data. |
|
This area can contain recoverable data from previously deleted files. |
|
|
Encoding vs Encrypting
Encoding: |
the process of converting data from one format to another, typically for usability or compatibility reasons |
|
This process is reversible. |
|
Examples include ASCII or Unicode encoding of text |
|
Ab example would be Morse code. The text must be converted to Morse for transmission. Anyone who knows Morse code can decipher it. |
Encryption |
is the process of transforming data into an unreadable format (ciphertext) to protect its confidentiality |
|
Encryption requires a key to decrypt the data back to its original form (plaintext). |
|
An example would be putting a letter into a magical box that scrambles the writing unless the right key is used, preventing everyone from reading it except those with the key. |
The difference: |
Encoding is reversible, used for transmission, storage, readability, while encryption is specifically for hiding data from those who are unauthorised to read it. |
|
|
|