Digital forensics is the gathering and analysis of data from a digital device. In this video, we will discuss how to gather data from a memory card, the boot process, UEFI digital forensics, MBR exploit, boot process exploitation, cyber forensics, computer hard drive, and phone. We will also discuss how to analyze the data for evidence of any illegal activity.
To control the environment at the beginning of our investigation, we must first understand it. This is where digital evidence is stored, created, and accessed. In most cases, it will be a computer system. I use the term “computer system” to mean the bundling of an operating system, file system, and hardware to create a computer. To be effective, you must understand the physical medium on which the data is stored, the file system used on the storage device, and how that data is tracked and accessed on the storage device. Once you understand the process, you can implement controls to protect the integrity of digital evidence.
So, what is the boot process? Well, when you push the power button and electricity energizes the system, a series of commands is issued. As it executes the commands, the system is taking steps (just like on a ladder) to achieve the goal of a running operating system. If something breaks any of those steps, then the system will not load.
The first step is the Power-On Self-Test (POST); the CPU will access the Read-Only Memory (ROM) and the Basic Input/Output System (BIOS) and test essential motherboard functions. This is where you hear the beep sound when you turn the power on to the computer system. If there is an error, then the system will notify you of the error through the use of beep codes. If you do not have the motherboard manual, do a search to determine the meaning of the specific beep code.