Introducing the Windows OS and Filesystems and Getting Prepared for the Labs
In our work and personal lives, we use multiple operating systems (OSs) every day on different devices, including desktops, laptops, and smartphones. To build on this, we will first cover what an OS is and then focus on the Windows OS, which is the most popular OS by far for personal and corporate needs.
In the world of technology, Windows has become the leading OS for PCs and other devices. Thus, a comprehensive understanding of this OS and the insights it can provide during digital forensic investigations is crucial. This chapter provides an overview of the fundamental concepts of digital forensics and incident response in the context of the Windows OS. It also explores the Volume Shadow Copy Service (VSS) and its significance in digital forensics. VSS is a crucial feature of Windows OSs that enables the creation of shadow copies of files and folders at a particular point in time. As a result, VSS serves as an essential source of information for forensic investigators, allowing them to reconstruct events and gather evidence from a particular moment in time.
Understanding the basic concepts of OSs will significantly help us, as forensic examiners, know what we are investigating and what value we get from the artifacts we examine.
In this chapter, we will cover the following topics:
- What is a Microsoft OS?
- The modern Windows OS and filesystems
- Digital forensics and common terminology
- Windows VSS
- Preparing a lab environment