Windows and the DOS CLI
Click here to view exercise as a PDF instead.
Although graphical user interfaces (GUIs) have obviated the need for CLIs in many cases, there are still some applications that require the use of the CLI for many reasons, not the least of which is that a CLI program uses less system memory than a GUI program that would perform the same function. For computer forensics, cybersecurity, or other incident response applications that must run on a suspect system, it is desirable to minimally impact the state of the computer.
This exercise will provide a brief introduction to the Microsoft Disk Operating System (MS-DOS) command line interface (CLI).
Many long-time users of Windows systems are unfamiliar -- and, therefore, uncomfortable -- with the DOS command line. This manual will guide those users through some of the rudimentary functions of DOS for purposes of gaining comfort and familiarity.
There are at least three ways to access the DOS command prompt from Windows:
1. Go to the search bar and type in Command Prompt.
2. Go to the start menu, locate Windows System and click on Command Prompt.
3. Press the Windows key and R at the same time (Windows+R), type cmd in the dialogue box, and then click OK.
However, we have provided a shortcut. Find the Command Prompt icon and double-click it.
To obtain a list of DOS commands, enter the help command.
If you need help on a specific command, you can type help followed by the command name. As an example, if you wanted additional information about the copy command, you could type help copy as shown below:
The help text shows all of the parameters and switches that can be used by the program; note that all of the switches are preceded by the slash (/) symbol. In the help text:
Switches inside of square brackets are optional (e.g., "[/D]")
Switches separated by a vertical bar "|" (shift-\) mean that one, but not both, may be used (e.g., "[/Y | /-Y]" means that you can use the /Y or /-Y switch, but not both).
Get a list of the files in a directory using the dir command.
Note that in Windows we often refer to Folders as Directories.
The default output of the "dir" command includes:
- The Last Modified time and date of the file or directory entry (note that the Last Accessed and Created times are not used in DOS).
- An indication that the entry is for a directory.
- Size of the file, in bytes (directories have a 0 size and are not listed).
- The name of the file or directory. Note use of long file names; note further that dot (this directory) and double-dot (this directory's parent) are always the first two entries in a directory listing except when in the Root Directory.
Type "help dir" or "dir /?" to see additional options and capabilities for the dir command.
If you wanted a directory listing to be sent to a file instead of the screen, you could redirect the output using "dir > filename.txt"
You can also get a directory listing of a different path than the one in which you currently are by typing the dir command followed by the drive letter and/or path name, such as "dir D:\"
To change your current directory in the DOS command window, use the "cd" command. Just type "cd" followed by a space and then enter the directory. Directory names can be entered as absolute paths or paths relative to your current position in the folder structure.
To change your current drive in the DOS command window, just type the drive letter followed by a colon.
CyberExplorations Exercises by Glenn S. Dardick is licensed under a Creative Commons Attribution 4.0 International License.