THE BOOT PROCESS
The Forensic Services Group
1.) Initiates Power On Self-Test (POST).
a. Power supply conducts its own POST
b. Residual data in CPU erased
c. Resets CPU register called the program counter
2.) Boot program or “bootstrap” initiates series of checks
a. Located in the ROM BIOS
b. Checks CPU and POST process against value stored in BIOS chipset
3.) System bus is checked by the CPU sending it signals.
4.) RTC or Real-Time Clock is checked
5.) POST tests the computer's video components.
a. Video BIOS is added to the overall BIOS stored in RAM
6.) RAM is tested
a. Data is written to RAM, read back, and compared.
7.) CPU checks the keyboard
a. Also checks to see if any keys are pressed.
8.) POST determines what drives (Floppy, CD, DVD, hard drives, etc.) are available to
the system.
9.) The POST results are compared against the expected results stored in RTC/NVRAM
10) All other components' BIOS code is added to the overall BIOS in RAM
11) POST is complete.
12) Searches available drives for an operating system.
a. Searches system according to the order in the boot sequence.
b. ROM BIOS boot code looks to the first sector of the boot hard drive for the MBR
c. Reads it into memory and tests for validity, checking for hex 55AA as the last two bytes of the sector.
13) The MBR contains a 64-byte partition table located at byte offsets 446 to 509.
d. Reads table for boot indicator byte that marks active partitions.
e. The MBR then reads the VBR of the active partition.
f. Reads it into memory and tests for validity, checking for hex 55AA as the last two bytes of the first sector.
g. If valid, the program searches for and runs the operating system of that volume.
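The two signature checks above (step 12c on the MBR, step 13f on the VBR) and the partition-table walk in step 13 are the parts of the sequence a forensic examiner most often has to reproduce by hand when deciding whether a disk image is bootable or has been tampered with. The following Python is an added worked example, not code from the Forensic Services Group outline: it validates the 55AA signature, decodes the four 16-byte entries at offsets 446 to 509, and reports which entry carries the 0x80 boot indicator. The sample MBR it parses is constructed inline (one active FAT16 partition starting at LBA 63); the helper names and the partition layout are assumptions made for the example.

```python
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # table occupies bytes 446..509 (64 bytes)
PARTITION_ENTRY_SIZE = 16
PARTITION_ENTRY_COUNT = 4
BOOT_SIGNATURE = b"\x55\xAA"       # bytes 510 and 511 of a valid MBR or VBR
ACTIVE_FLAG = 0x80                 # boot indicator byte marking the active partition


def has_boot_signature(sector: bytes) -> bool:
    """Step 12c / 13f: a boot sector is valid only if it is one full sector
    ending in hex 55AA. Works for both the MBR and a VBR."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_partition_table(mbr: bytes) -> list:
    """Step 13: decode the four partition entries from a validated MBR.

    Each 16-byte entry is: boot indicator (1), CHS start (3), type (1),
    CHS end (3), LBA start (4, little-endian), sector count (4, little-endian).
    Raises ValueError if the signature check fails, mirroring the BIOS
    refusing to continue with an invalid sector.
    """
    if not has_boot_signature(mbr):
        raise ValueError("MBR lacks the 55AA boot signature at bytes 510-511")
    entries = []
    for index in range(PARTITION_ENTRY_COUNT):
        offset = PARTITION_TABLE_OFFSET + index * PARTITION_ENTRY_SIZE
        raw = mbr[offset:offset + PARTITION_ENTRY_SIZE]
        boot_ind, chs_start, ptype, chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", raw)
        entries.append({
            "index": index,
            "bootable": boot_ind == ACTIVE_FLAG,
            "boot_indicator": boot_ind,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "empty": ptype == 0 and lba_start == 0 and sectors == 0,
        })
    return entries


def find_active_partition(entries: list) -> dict:
    """Step 13d/13e: the BIOS hands off to the single entry flagged 0x80.
    Zero or more than one active entry is a defect worth flagging in an exam."""
    active = [e for e in entries if e["bootable"] and not e["empty"]]
    if len(active) != 1:
        raise ValueError(f"expected exactly one active partition, found {len(active)}")
    return active[0]


def build_sample_mbr() -> bytes:
    """Constructed sample MBR for this example (not taken from any real disk):
    zeroed boot code, one active FAT16 (type 0x06) partition at LBA 63, 1 GiB."""
    boot_code = bytes(PARTITION_TABLE_OFFSET)
    entry0 = struct.pack("<B3sB3sII",
                         ACTIVE_FLAG,          # boot indicator: active
                         b"\x01\x01\x00",      # CHS start (not used by LBA-aware code)
                         0x06,                 # FAT16 partition type
                         b"\xFE\xFF\xFF",      # CHS end
                         63,                   # LBA of the first sector (the VBR)
                         2097152)              # 1 GiB of 512-byte sectors
    empty = bytes(PARTITION_ENTRY_SIZE)
    return boot_code + entry0 + empty * 3 + BOOT_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    for entry in parse_partition_table(sample):
        print(entry)
    print("active:", find_active_partition(parse_partition_table(sample))["index"])
```

Run against a real image, `parse_partition_table(open(path, "rb").read(512))` gives the same view the ROM BIOS forms in step 12c before it reads the VBR at `lba_start`; a signature mismatch or a table with no single active entry is exactly the condition under which the firmware would refuse to continue.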
DOS Boot
14.) VBR locates and executes IO.SYS (IBMBIO.COM for IBM systems)
a. SYSINIT (a subroutine of IO.SYS) runs.
b. MSDOS.SYS is located, read, and copied into low memory
15.) SYSINIT runs MSDOS.SYS
a. MSDOS.SYS initializes basic device drivers and checks the status of system equipment.
b. Works with the BIOS to manage files, execute code, and respond to hardware signals.
16.) SYSINIT reads CONFIG.SYS file
a. The DEVICE statements are processed
b. The INSTALL statements are processed
c. The SHELL statement is processed
i. If there is no SHELL statement, COMMAND.COM is run
d. COMMAND.COM is written into memory
17.) AUTOEXEC.BAT is run if present
a. If not present, the DATE and TIME commands are run
18.) Command prompt appears
Windows NT/2000/XP Boot
14.) VBR locates and runs system file NTLDR.
a. The contents of BOOT.INI are read for startup options and boot menu options
b. If dual booting is enabled and the other OS is non-NT, BOOTSECT.DOS runs.
c. If SCSI drives are attached to the system, NTBOOTDD.SYS runs.
15.) NTDETECT.COM executes, searches the system for installed hardware, and passes the data to NTLDR
16.) Gathered configuration data is passed to NTOSKRNL.EXE
a. The kernel is loaded
b. System registry information is loaded
c. Hardware Abstraction Layer (HAL) is loaded
17.) Drivers and code are loaded for networking systems
18.) Startup services and programs load and execute
19.) If new devices are detected, Plug and Play assigns them system resources, extracts drivers from DRIVERS.CAB, and completes configuration and mounting of those devices.