24
Nov

BIOS

Posted by ahoog

The BIOS (or Basic Input/Output System) is the code run by computers when they are initially turned on.  The BIOS is stored in flash memory (EEPROM) but can be updated with a special process from the manufacteur.  The BIOS is important in computer forensics for several reasons, include:

  • Contains the system time, important for later correlations with other events
  • Controls which media is used to boot the computer after the BIOS load completes.  One way to acquire a forensically sound image of a computer hard drive is to boot from the CD-ROM and acquire the image with the hard drive in read-only mode.

In a typical boot process, the BIOS would load and then look at the first sector of the primary hard drive to locate the boot sector for the installed operating system(s).

  • Share/Bookmark
Category : Computer Forensic and E-Discovery Glossary

2 Responses to “BIOS”


kaylee November 26, 2008

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

kaylee

http://www.thinkpadonline.info

ahoog November 26, 2008

Kaylee,

Thanks for the note. We will continue working on the glossary and computer forensic/e-discovery weblogs…I hope you find them more useful over time.

-Andrew



You must be logged in to post a comment.