
















All about the boot system and its process, alongside the NTFS filesystem.
Typology: Lecture notes

















• When you push the power button and electricity energizes the system, a series of commands is issued.
• As it executes the commands, the system is taking steps (just like on a ladder) to achieve the goal of a running operating system.
• If something breaks any of those steps, then the system will not load.

• In 2010, the BIOS function was replaced by the Unified Extensible Firmware Interface (UEFI).
• It provides the same service as the BIOS, but has been enhanced, as follows:
  • By providing better security during the pre-boot process

• It is general practice to remove the hard drive from the system to create a forensic image.
• However, sometimes the storage device cannot be removed from the system, and you still have to create a forensic image.
• To accomplish this task, you need to boot the system from a CD/DVD or USB device that provides a forensic environment in which to create the image.
• When using boot media, you will want to ensure that it creates a sound forensic environment and does not cause any changes to the source device.

• Linux is a standard operating system that has been used to create USB-based (live) operating systems that provide the forensic environment needed to examine these devices.
• Paladin is one such tool. It is freely available to download, and can be purchased if you wish to have it preinstalled on a USB device.
• Sumuri also provides some limited technical support in the operation of Paladin.
• There is also a Windows-based bootable environment known as WinFE (Windows Forensic Environment).

• The benefit of using the Windows bootable environment is that you now have access to Windows-based forensic tools.
• It is possible to run X-Ways or FTK Imager from this secure environment.
• Using a resource-heavy tool is not recommended.
• X-Ways can run from a USB device, as can some artifact-specific tools such as RegRipper.

• To make a device bootable using Rufus, set the following options:
  • Device: This is the destination. It is the USB device you want to host the bootable operating system.
  • Boot selection: This will be the "live" operating system. Here, we are using an ISO file for Paladin 8.01.
  • Partition scheme: You have a choice of using MBR or GPT. Using MBR will give you greater flexibility in the devices you can boot.
  • Target system: With the MBR selection for the partition scheme, you can use the device on either a BIOS or UEFI system. If you select GPT for the partition scheme, you can only target UEFI systems.

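The MBR/GPT choice above can be confirmed afterwards by reading only the first two sectors of an image of the boot media. The following is an added example, not part of the original notes; it assumes 512-byte sectors, and the function names, the `usb.img` path and the sample bytes are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors (4Kn media put the GPT header at offset 4096)

def parse_mbr(sector0):
    """Return the used entries of the MBR partition table, or None without the 0x55AA signature."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return None
    entries = []
    for i in range(4):  # four 16-byte entries start at offset 446
        raw = sector0[446 + 16 * i:462 + 16 * i]
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), start LBA, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries

def partition_scheme(image):
    """Classify the first two sectors of a disk image as 'GPT', 'MBR' or 'unknown'."""
    entries = parse_mbr(image[:SECTOR])
    if not entries:
        return "unknown"
    # GPT media carry a protective MBR (type 0xEE) and the "EFI PART" header signature at LBA 1.
    has_gpt_header = image[SECTOR:SECTOR + 8] == b"EFI PART"
    if has_gpt_header and any(e["type"] == 0xEE for e in entries):
        return "GPT"
    return "MBR"

def make_sector0(ptype, bootable=False, lba_start=2048, count=204800):
    """Build a constructed sector 0 with one partition entry (sample data, not from a real device)."""
    entry = struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba_start, count)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

# Constructed samples: a bootable FAT32 (type 0x0C) MBR stick and a GPT stick.
MBR_STICK = make_sector0(0x0C, bootable=True) + bytes(SECTOR)
GPT_STICK = make_sector0(0xEE, lba_start=1) + b"EFI PART" + bytes(SECTOR - 8)

if __name__ == "__main__":
    for name, img in (("MBR_STICK", MBR_STICK), ("GPT_STICK", GPT_STICK)):
        print(name, partition_scheme(img), parse_mbr(img[:SECTOR]))
    # For a real image (hypothetical path), read only the first two sectors in binary read mode:
    #   with open("usb.img", "rb") as f: print(partition_scheme(f.read(2 * SECTOR)))
```
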
• Ensure the system can boot to a USB device; some older systems cannot.
• Knowing which filesystems the bootable device can write-protect and which ones it cannot.
• Dealing with the secure boot feature of the UEFI boot process.

• You must enter the UEFI environment by pressing the catch key, such as F2 or F12 (this will vary depending on the computer manufacturer).
• Once you have entered the setup utility, navigate to the Security menu (this might also vary depending on the computer manufacturer) and disable the secure boot option.
• Some Linux distributions and WinFE have received signed status and will boot a system that has secure boot enabled.
• As you go through this process, if you miss hitting the catch key and the system starts booting the host operating system, then you must document that it occurred.