Professional Documents
Culture Documents
CSE4004: Digital Forensics Assignment 4: Boot Sector Sequence
CSE4004: Digital Forensics Assignment 4: Boot Sector Sequence
CSE4004: Digital Forensics Assignment 4: Boot Sector Sequence
Assignment 4
Name: Aditya Singh
Reg. no:18BCE0595
The boot sequence can take anywhere from a few seconds to several
minutes, depending on the computer's configuration. If the system is
booting from a CD or DVD, the boot time may be significantly longer than if
the computer is booted from a hard drive. Also, if your computer was turned
off unexpectedly, the boot time might increase since the system may
perform some additional checks to make sure everything is OK.
Prior to boot sequence is the power-on self-test (POST), which is the
initial diagnostic test performed by a computer when it is switched on.
When POST is finished, the boot sequence begins. If there are problems
during POST, the user is alerted by beep codes, POST codes or on-screen
POST error messages.
Unless programmed otherwise, the BIOS looks for the OS on drive A first,
then looks for the drive C. It is possible to modify the boot sequence from
BIOS settings. Different BIOS models have different key combination and
onscreen instructions to enter the BIOS and change the boot sequence.
Normally, after the POST, BIOS will try to boot using the first device
assigned in the BIOS boot order. If that device is not suitable for booting,
then the BIOS will try to boot from the second device listed, and this
process continues till the BIOS finds the boot code from the devices
listed.
If the boot device is not found, an error message is displayed and the
system crashes or freezes. Errors can be caused by an unavailable boot
device, boot sector viruses or an inactive boot partition.
Registry editor:
Why use a registry editor?
2. We can create new registries manually or we can modify the ones that already exist.
3. Original files that contain registry values are stored in the system directory itself.
4. Registry files are system protected and can not be accessed by any user unless
5. For the investigation purpose, the forensic investigator analyzes registry files via tools
To get information about wifi connected with the computer and get network
status and other information.
Usb history viewer: