1
00:00:06,450 --> 00:00:12,900
The operating system environment doing reverse engineering requires the analyst to understand where

2
00:00:12,900 --> 00:00:19,890
the software being used in being run in major powers the software requires in order to work in an operating

3
00:00:19,890 --> 00:00:23,130
system or the memory and the file system.

4
00:00:26,150 --> 00:00:33,740
In Windows operating systems besides in-memory and the fire system, Microsoft introduced the registry

5
00:00:33,740 --> 00:00:39,890
system, which is actually stored in protected files called Registry Hy's.

6
00:00:42,990 --> 00:00:43,920
The fire system.

7
00:00:45,000 --> 00:00:50,880
The fire system is a very data is stored directly to the physical disk drive.

8
00:00:51,820 --> 00:01:00,070
These systems manage how files and directories are stored in the disk varis disk systems have their

9
00:01:00,070 --> 00:01:04,500
own variation of effusions, reading and writing data.

10
00:01:05,440 --> 00:01:15,550
There are different Esquire systems such as Ford Interface X two x three, expensive as an AP if as

11
00:01:16,180 --> 00:01:25,520
common filesystems used by Windows are for 32 and NTFS stored in the file system is information about

12
00:01:25,520 --> 00:01:27,580
the director of parts and fires.

13
00:01:27,760 --> 00:01:33,100
It includes the file names, size of the files, data systems and permissions.

14
00:01:35,500 --> 00:01:44,460
In a previous make with or six versions, while information and data are stored in resource for US,

15
00:01:45,340 --> 00:01:51,850
efforts are actually duplicated by backward compatibility, still exist on our recent versions of Make

16
00:01:51,880 --> 00:01:56,520
OS, a file has to fork stored in the file system.

17
00:01:56,800 --> 00:02:04,690
The data fork and resource for the data for contains unstructured data, while the resource for contains

18
00:02:04,690 --> 00:02:05,760
structured data.

19
00:02:06,250 --> 00:02:13,990
There is a resource for contains information such as the executable machine code icons, shape of an

20
00:02:13,990 --> 00:02:18,190
alert box string used in the file and so forth.

21
00:02:18,700 --> 00:02:27,040
For instance, if you wanted to make up a make application by simply moving it to the Windows hard drive,

22
00:02:27,040 --> 00:02:34,240
then moving at the back to make application will no longer open while transferring onto the file gets

23
00:02:34,240 --> 00:02:34,750
transferred.

24
00:02:34,750 --> 00:02:37,870
But the resource for gets tripped up in the process.

25
00:02:38,680 --> 00:02:46,210
Simply competence and respect, of course, is that many developers developed tools to synchronize files

26
00:02:46,480 --> 00:02:49,060
to and from external disks.