Question:
Computer forensic examiners should be concerned with at least two important settings stored in RTC/NVRAM, which is accessed by the BIOS software most often called Setup.
Setup is accessed during system boot using a special key or combination of keys, such as F1, F2, Esc, or Delete. Those two settings are as follows:
- System Date and Time
- Boot Order
i)
a) Give a scenario of how as a forensic examiner you use the first setting ‘System date and time'.
b) Why do you think the second setting above is important from a computer forensic perspective.
ii)
Computer system components are useless pieces of silicon, gold, copper, and tin until they are awakened by a spark of electricity, which follows a predetermined path, testing the several system components, establishing configuration settings, and loading pieces of code-all of which culminates in the loading of a functional operating system, custom configured to your particular software and hardware environment. The process by which this occurs is the boot process, named for the process of "pulling yourself up by the bootstraps." It is the process by which PC computer systems come to life, and it's the process that computer forensics examiners must understand and may be called upon to describe.
You are required to explain the important steps of the boot process