Understanding the boot sequence is critical for a computer forensics investigator, because there are many useful things you can do during an investigation by manipulating the boot sequence.
Hardware related to the boot sequence includes the CMOS and the BIOS.
CMOS
• A volatile memory chip containing time and date information and configuration information
• Stands for Complementary Metal Oxide Semiconductor
lynda.com
CMOS is a volatile memory chip containing time and date information and other configuration information (it is kept alive by a small battery, so its contents are lost when that battery fails). CMOS stands for complementary metal oxide semiconductor. It's a chip on the motherboard.
The BIOS stores a program that initializes the hardware and then loads the operating system. Before your operating system is loaded into memory, the BIOS has to make sure the memory is operational, which it does during its power-on self-test.
BIOS stands for basic input/output system. BIOS firmware is now being replaced by a newer alternative, the Unified Extensible Firmware Interface, or UEFI.
One of the things your BIOS checks when your computer starts is the boot sequence. The boot sequence information is stored in your CMOS, and the boot sequence setting decides which drive is accessed to read the operating system. This is significant to computer forensics, because in computer forensics we try to avoid accessing the evidence drive at all costs: as soon as your operating system has access to your evidence drive, it may write to it and corrupt your evidence. Therefore the best practice is to boot from a medium containing a specialized operating system with preinstalled computer forensics programs. For example, there are live CDs containing forensic distributions of Linux. By putting such a live CD in the CD drive and booting from it, the live CD provides the operating system for your computer without touching anything on your evidence drive, as long as that live operating system does not mount the evidence drive on its own. This is just one example of how to manipulate your boot sequence and use it in your computer forensics investigation. There are also many other uses of changing the boot sequence of your evidence computer, and by learning about them you will enhance your ability as a computer forensics investigator.
Now let's look at a computer forensics software suite live CD called Kali. When you boot into Kali, this is the initial screen you'll get. Choose the first option, Live, and press Enter.
Now we have successfully booted into Kali. What's nice about Kali is that it comes with many computer forensics software tools already installed. Let's check out some of these tools.
Click on applications.
Choose Kali Linux.
And then select forensics.
And then you see a number of computer forensics tools there.
For example, you see RAM forensics tools, and among them something that's already familiar to you: Volatility.
There are also some other tools that may be familiar to you too. Let's go to forensic
imaging tools.
and you see something called dcfldd. This is a forensic version of dd, which can hash the data as it images.
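The two points made above, that a live OS must not touch the evidence drive and that a forensic imager such as dcfldd verifies its copy by hashing, can be turned into checks you run from the live environment. The following shell script is an added example written for this page; it is not part of the course and not Kali's or dcfldd's own code. It assumes a Linux live environment with coreutils (dd, sha256sum, awk) and /proc/mounts, and the device and file names in the comments are placeholders. Whether a live system auto-mounts attached disks depends on the boot option chosen (Kali, for instance, offers a separate forensic boot mode that disables automount), so it is worth checking rather than assuming. The imaging function uses plain dd plus sha256sum; dcfldd does the same hashing inline with its hash= and hashlog= options.

```shell
#!/bin/sh
# Added example (not from the course): evidence-drive hygiene checks for a
# forensic live boot, plus hash-verified imaging in the style of dcfldd.
# Assumes Linux with coreutils and /proc/mounts. A hardware write blocker is
# still the stronger protection; these checks only catch an OS that has
# already mounted the evidence read-write.

# evidence_is_untouched DEVICE
#   Returns 0 if no read-write mount exists for DEVICE (or any of its
#   partitions, matched by prefix, e.g. /dev/sdb covers /dev/sdb1),
#   1 if the live OS has mounted it rw, which risks writing to the evidence.
evidence_is_untouched() {
    dev="$1"
    # /proc/mounts fields: <device> <mountpoint> <fstype> <options> ...
    # A mount is rw when its options field starts with "rw" or contains ",rw".
    if awk -v d="$dev" '
        index($1, d) == 1 && $4 ~ /(^|,)rw(,|$)/ { found = 1 }
        END { exit !found }' /proc/mounts
    then
        return 1
    fi
    return 0
}

# image_and_verify SOURCE IMAGE HASHLOG
#   Copies SOURCE to IMAGE with dd, records the SHA-256 of both in HASHLOG,
#   and returns 0 only if the two hashes match.
#   conv=noerror,sync keeps going past unreadable sectors and pads them with
#   zeros; bs=512 matches the sector size so no padding is added at the end
#   of a block device (with a larger bs the image could be longer than the
#   source and the hashes would legitimately differ).
image_and_verify() {
    src="$1"; img="$2"; log="$3"
    src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1
    img_hash=$(sha256sum "$img" | cut -d' ' -f1) || return 1
    printf 'source %s\nimage  %s\n' "$src_hash" "$img_hash" > "$log"
    [ "$src_hash" = "$img_hash" ]
}

# Usage from the live environment (placeholders):
#   evidence_is_untouched /dev/sdb || echo "WARNING: /dev/sdb is mounted rw"
#   image_and_verify /dev/sdb /mnt/case/evidence.dd /mnt/case/evidence.sha256
```

Run the first check right after the live system comes up and before opening any tool; if it warns, unmount the device (or remount it read-only) before going further. The hash log written by the second function is the record you keep with the image, the same way dcfldd's hashlog file is kept.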
Now let's choose forensic suites, and you see Autopsy there.
There are also many other computer forensics tools already built into this operating system. What's nice about a live CD like this is that you don't have to worry about installing these individual computer forensics software tools on your own; they all come with the operating system. When it's time for you to conduct your computer forensics investigation, all you have to do is boot from this live CD. There are many more things to explore in this live CD called Kali, and I hope you'll spend some time exploring the various computer forensics tools that come with it.