Doing reverse engineering requires the analyst to understand where the software being reversed is being run. The major parts that software requires in order to work in an operating system are the memory and the filesystem. In Windows operating systems, besides the memory and the filesystem, Microsoft introduced the registry system, which is actually stored in protected files called registry hives.
The operating system environment
The filesystem
The filesystem is where data is stored directly to the physical disk drive. These filesystems manage how files and directories are stored in the disk. Various disk filesystems have their own variation of efficiently reading and writing data.Â
There are different disk filesystems...