Host Protected Area
The host protected area (HPA) is an area of a hard drive or solid-state drive that is not normally visible to an operating system. It was first introduced in the ATA-4 standard CXV (T13) in 2001.

How it works

The IDE controller has registers that contain data that can be queried using ATA commands. The data returned gives information about the drive attached to the controller. There are three ATA commands involved in creating and using a host protected area. The commands are:

* IDENTIFY DEVICE
* SET MAX ADDRESS
* READ NATIVE MAX ADDRESS

Operating systems use the IDENTIFY DEVICE command to find out the addressable space of a hard drive. The IDENTIFY DEVICE command queries a particular register on the IDE controller to establish the size of a drive. This register however can be changed using the SET MAX ADDRESS ATA command. If the value in the register is set to less than the actual hard drive size then effectively a host protected area is created. It is protected because the ...


Hard Drive
A hard disk drive (HDD), hard disk, hard drive, or fixed disk is an electro-mechanical data storage device that stores and retrieves digital data using magnetic storage with one or more rigid rapidly rotating platters coated with magnetic material. The platters are paired with magnetic heads, usually arranged on a moving actuator arm, which read and write data to the platter surfaces. Data is accessed in a random-access manner, meaning that individual blocks of data can be stored and retrieved in any order. HDDs are a type of non-volatile storage, retaining stored data when powered off. Modern HDDs are typically in the form of a small rectangular box. Introduced by IBM in 1956, HDDs were the dominant secondary storage device for general-purpose computers beginning in the early 1960s. HDDs maintained this position into the modern era of servers and personal computers, though personal computing devices produced in large volume, like cell phones and tablets, rely ...


Rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term "rootkit" is a compound of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. Rootkit installation can be automated, or an attacker can install it after having obtained root or administrator access. Obtaining this access is a result of direct attack on a system, i.e. exploiting a vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like "phishing"). Once installed, it becomes possible to hide the intrusion as well as to maintain privileged ac ...


GUID Partition Table
The GUID Partition Table (GPT) is a standard for the layout of partition tables of a physical computer storage device, such as a hard disk drive or solid-state drive, using universally unique identifiers, which are also known as globally unique identifiers (GUIDs). Forming a part of the Unified Extensible Firmware Interface (UEFI) standard (Unified EFI Forum-proposed replacement for the PC BIOS), it is nevertheless also used for some BIOS systems, because of the limitations of master boot record (MBR) partition tables, which use 32 bits for logical block addressing (LBA) of traditional 512-byte disk sectors. All modern personal computer operating systems support GPT. Some, including macOS and Microsoft Windows on the x86 architecture, support booting from GPT partitions only on systems with EFI firmware, but FreeBSD and most Linux distributions can boot from GPT partitions on systems with either the BIOS or the EFI firmware interface. History The Master Boot Record (MBR ...


Device Configuration Overlay
Device configuration overlay (DCO) is a hidden area on many of today's hard disk drives (HDDs). Usually when information is stored in either the DCO or host protected area (HPA), it is not accessible by the BIOS (or UEFI), OS, or the user. However, certain tools can be used to modify the HPA or DCO. The system uses the command to determine the supported features of a given hard drive, but the DCO can report to this command that supported features are nonexistent or that the drive is smaller than it actually is. To determine the actual size and features of a disk, the command is used, and the output of this command can be compared to the output of to see if a DCO is present on a given hard drive. Most major tools will remove the DCO in order to fully image a hard drive, using the command. This permanently alters the disk, unlike with the host protected area (HPA), which can be temporarily removed for a power cycle. Uses The Device Configuration Overlay (DCO), which was first ...


Hdparm
hdparm is a command line program for Linux to set and view ATA hard disk drive hardware parameters and test performance. It can set parameters such as drive caches, sleep mode, power management, acoustic management, and DMA settings. GParted and Parted Magic both include hdparm. Changing hardware parameters from suboptimal conservative defaults to their optimal settings can improve performance greatly. For example, turning on DMA can, in some instances, double or triple data throughput. There is, however, no reliable method for determining the optimal settings for a given controller-drive combination, except careful trial and error. Depending on the given parameters, hdparm can cause computer crashes or render the data on the disk inaccessible. Usage examples hdparm has to be run with special privileges, otherwise it will either not be found or the requested actions will not be executed properly. Display information of the hard drive: sudo hdparm -I /dev/sda T ...


Less (Unix)
less is a terminal pager program on Unix, Windows, and Unix-like systems used to view (but not change) the contents of a text file one screen at a time. It is similar to , but has the extended capability of allowing both forward and backward navigation through the file. Unlike most Unix text editors/viewers, does not need to read the entire file before starting, allowing for immediate viewing regardless of file size. History Mark Nudelman initially wrote less during 1983–85, in the need of a version of more able to do backward scrolling of the displayed text. The name came from the joke of doing "backwards more." Originally, less was developed for Unix, but it has been ported to a number of other operating systems, including MS-DOS, Microsoft Windows, OS/2, and OS-9, as well as Unix-like systems such as Linux. It is still maintained today by Nudelman. To help remember the difference between less and more, a common joke is to say, "," implying that less has greater functiona ...


Dmesg
dmesg (diagnostic messages) is a command on most Unix-like operating systems that prints the message buffer of the kernel. The output includes messages produced by the device drivers. Command On many Unix-like systems, the boot process generates a particularly dense stream of kernel messages. Many administrative issues pertain to whether a desired hardware device is successfully enumerated during the boot process, so the diagnostic process for a failed device often begins by inspecting the dmesg output from the kernel identification message to the point where the boot process concludes. Since this buffer can be overwritten by a flood of messages in subsequent operation, many Unix-like distributions store a post-boot copy of the message buffer at or similar secure system location. It is also common to manually consult the current dmesg buffer after hot-plugging devices, particularly USB devices (especially thumb drives), to determine whether the device has been recogni ...


Linux
Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which includes the kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name "GNU/Linux" to emphasize the importance of GNU software, causing some controversy. Popular Linux distributions include Debian, Fedora Linux, and Ubuntu, the latter of which itself consists of many different distributions and modifications, including Lubuntu and Xubuntu. Commercial distributions include Red Hat Enterprise Linux and SUSE Linux Enterprise. Desktop Linux distributions include a windowing system such as X11 or Wayland, and a desktop environment such as GNOME or KDE Plasma. Distributions inten ...


Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for servers, and Windows IoT for embedded systems. Defunct Windows families include Windows 9x, Windows Mobile, and Windows Phone. The first version of Windows was released on November 20, 1985, as a graphical operating system shell for MS-DOS in response to the growing interest in graphical user interfaces (GUIs). Windows is the most popular desktop operating system in the world, with 75% market share , according to StatCounter. However, Windows is not the most used operating system when including both mobile and desktop OSes, due to Android's massive growth. , the most recent version of Windows is Windows 11 for consumer PCs and tablets, Windows 11 Enterprise for corporations, and Windows Server 2022 for servers. Genealogy By marketing r ...




Forensic Toolkit
Forensic Toolkit, or FTK, is computer forensics software made by AccessData. It scans a hard drive looking for various information. It can, for example, potentially locate deleted emails and scan a disk for text strings to use them as a password dictionary to crack encryption. FTK is also associated with a standalone disk imaging program called FTK Imager. This tool saves an image of a hard disk in one file or in segments that may later be reconstructed. It calculates MD5 and SHA1 hash values and can verify that the imaged data is consistent with the created forensic image. The forensic image can be saved in several formats, including DD/raw, E01, and AD1.


The Sleuth Kit
The Sleuth Kit (TSK) is a library and collection of Unix- and Windows-based utilities for extracting data from disk drives and other storage so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit. The collection is open source and protected by the GPL, the CPL and the IPL. The software is under active development and it is supported by a team of developers. The initial development was done by Brian Carrier who based it on The Coroner's Toolkit. It is the official successor platform. The Sleuth Kit is capable of parsing NTFS, FAT/ExFAT, UFS 1/2, Ext2, Ext3, Ext4, HFS, ISO 9660 and YAFFS2 file systems either separately or within disk images stored in raw (dd), Expert Witness or AFF formats. The Sleuth Kit can be used to examine most Microsoft Windows, most Apple Macintosh OSX, many Linux and some other UNI ...