Slide PDF

Computer Start Up
Power On
CPU
- Clears registers
- Looks in firmware for instructions
Computer Firmware
CPU
POWER ON
BIOS or UEFI
POST
Boot Loader
BOOT LOADER
- performs Power On Self Test (POST)
- if successful, starts bootstrap loader
- Searches boot sector on boot device for
operating system loader
Operating System Loader
OS LOADER
Operating System
OPERATING
SYSTEM
- Loads operating system into memory
- configures memory for operating system to run
- Initializes system structures
- Begins user interface program
Computer Firmware (EEPROM)
-
First place the CPU goes when
powered on
CPU
POWER ON
BIOS
-
POST
Basic Input Output System
Windows PC's (x86)
BOOT LOADER
UEFI
-
Unified Extensible Firmware
Interface
Intel Macintosh Computers
OS LOADER
Open Firmware
-
OPERATING
SYSTEM
PowerPC Macintosh Computers
Target Disk Mode
00:20
01:45
Computer Firmware
Power On Self Test
Firmware Programs
-
Power On Self Test (POST)
CPU
POWER ON
Boot Loader
POST
User Interface
Firmware Data (CMOS)
-
BOOT LOADER
Basic information about system
Firmware is customized for
each hardware manufacturer
OS LOADER
Phoenix
Award
Microid Research (MR)
Intel
American Megatrends International (AMI)
OPERATING
SYSTEM
POST
-
CPU begins executing this code when
powered on
-
Tests key system components
-
PASS
TEST MEMORY (RAM)
If POST fails or results differ from CMOS
TEST
FAIL VIDEO
VIDEO ADAPTER
ADAPTER
Halts machine
03:00
03:40
Power On Self Test
Bootstrap Loader
POST
-
CPU begins executing this code when
powered on
-
Tests key system components
-
POST
PASS
TEST MOTHERBOARD
- Compares results to CMOS
PASS
TEST MEMORY (RAM)
If all tests are passed
PASS
TEST VIDEO ADAPTER
- Control is passed to the Boot Loader
Initiates a search for an
-
PASS
TEST DISK CONTROLLER
BOOT LOADER
05:30
Operating System Loader or
Operating System
- Searches beginning of disk for boot
record
- Search order based on CMOS
settings
If one is found
-
OS/OS loader is moved into
system memory (RAM)
-
OS/OS loader is given control of
the system
PASS
TEST KEYBOARD
KEYBOARD CONTROLLER
CONTROLLER
PASS
TEST MOTHERBOARD
- Compares results to CMOS
- Issues error message
- Error displayed on screen
- Series of beeps issued on speaker
- Each component has a beep code
- Video failure - two beeps
-
POST
05:49
BOOT LOADER
CHECK
OP SYSBOOT
LOADER
SECTOR
NOT
OF BOOT
FOUND
DEVICE
CHECK
OP SYS
BOOT
LOADER
SECTOR
OF NEXTFOUND
BOOT DEVICE
OS LOADER
OPERATING
SYSTEM
Firmware Data
Stored in CMOS
- Complimentary Metal Oxide
Semiconductor
-
Firmware Interface
-
Basic information about
system
- Hardware Configuration
- Date/Time
- Installed Drives
-
User Interface
BIOS Character Graphics
F10
F2
Delete key
ctrl+alt+esc
ctrl+alt+s
- Can be entered during POST
- Display key varies by BIOS
manufacturer
-
UEFI
rEFIt
- Operating system interface
- Control Panels or System
Can be updated by
- Firmware User Interface
- Operating System
Allows user to change settings
Preferences
-
Open Firmware
- option-command-o-f
0 > dev / ok
0 > ls
ff886d58: /PowerPC,G4@0
ff8871f8:
/l2-cache
ok
0 > dev PowerPC,G4@0
ok
0 > .properties
name
cpu
reg
00000000
cpu-version
80020101
state
running
clock-frequency
4a817c7b
bus-frequency
09ef21aa
07:13
08:25
User Interface
Firmware Chips
Firmware Startup
Password Reset
-
Common for a digital forensic
examiner
Disconnect system power and
remove battery
Dip switches
Jumpers
Laptops
-
The ROM BIOS chip
-
A Read Only Memory chip which contains the
basic input output system programs
-
First generation had the programs “burned” into
the chips at the time of manufacture
-
Not possible to change the BIOS (instruction set)
without changing the actual ROM BIOS chip
-
If changes to the BIOS or the motherboard were to
be made, new BIOS chips had to be manufactured
Can have Hard Drive
Passwords in addition to
startup passwords
Cannot be reset
09:48
Firmware Chips
10:51
Firmware Chips
EPROM Chip
-
Second Generation - Erasable Programmable
Read Only Memory (EPROM) chip
-
Programmed using a EPROM programmer
device
-
Erased with high intensity ultraviolet light
-
BIOS could be modified for specific purposes
Allowed for BIOS and motherboard updates and
improvements without wasting existing BIOS chip
inventories
11:13
EEPROM Chip
-
Third Generation - Current - Electrically
Erasable Programmable Read Only Memory
(EEPROM)
-
BIOS is re-programmed using a software
program executed by the host computer
-
BIOS manufacturers can issue updates and/or
fixes via software
-
Commonly referred to as Flash BIOS
11:38