November 24th, 2008 by ahoogThe BIOS (or Basic Input/Output System) is the code run by computers when they are initially turned on. The BIOS is stored in flash memory (EEPROM) but can be updated with a special process from the manufacteur. The BIOS is important in computer forensics for several reasons, include:
- Contains the system time, important for later correlations with other events
- Controls which media is used to boot the computer after the BIOS load completes. One way to acquire a forensically sound image of a computer hard drive is to boot from the CD-ROM and acquire the image with the hard drive in read-only mode.
In a typical boot process, the BIOS would load and then look at the first sector of the primary hard drive to locate the boot sector for the installed operating system(s).
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
kaylee
http://www.thinkpadonline.info
Kaylee,
Thanks for the note. We will continue working on the glossary and computer forensic/e-discovery weblogs…I hope you find them more useful over time.
-Andrew