How can you make sure a subject’s computer boots to a forensic floppy disk or CD?
What will be an ideal response?
ANSWER: When a subject’s computer starts, you must make sure it boots to a forensically configured CD, DVD, or USB drive, because booting to the hard disk overwrites and changes evidentiary data. To do this, you access the CMOS setup by monitoring the computer during the bootstrap process to identify the correct key or keys to use. The bootstrap process, which is contained in ROM, tells the computer how to proceed. As the computer starts, the screen usually displays the key or keys, such as the Delete key, you press to open the CMOS setup screen. You can also try unhooking the keyboard to force the system to tell you what keys to use. The key you press to access CMOS depends on the computer’s BIOS.
If necessary, you can change the boot sequence so that the OS accesses the CD/DVD drive, for example, before any other boot device. Each BIOS vendor’s screen is different, but you can refer to the vendor’s documentation or Web site for instructions on changing the boot sequence.
You might also like to view...
There are seven strategies for improving the efficiency in knowledge workers:
What will be an ideal response?
Not all digital cameras capture ________, so you might not see all possible details about a given photo
Fill in the blank(s) with correct word
Circuit level gateway firewalls are less secure than application gateway firewalls
Indicate whether the statement is true or false.
Which of the following is not controlled by a PivotTable style?
A. row and column shading B. borders C. bold fonts D. subtotal calculations