Book Two- Chapter Three-Boot Process Flashcards Preview


Flashcards in Book Two- Chapter Three-Boot Process Deck (10)

What does the term booting mean?

Booting, AKA bootstrapping, is the process of loading an operating system into a computer's main memory. This step takes place during the boot sequence, which is the set of steps a computer system takes after it has been powered on.


Describe the purpose of the master boot record:

Boot sector: a memory sector of a hard disk, floppy disk, or similar data storage device that contains code for bootstrapping systems. The boot sector on a disk is always the first sector on the first track. Each valid boot sector has two bytes (0x55AA), called a boot sector signature, at the end of the sector. There are 2 major kinds of boot sectors:

1. Volume boot record: It is the first sector of a data storage device that has not been partitioned, or the first sector of an individual partition on a data storage device that has been partitioned. It contains code to load and invoke the operating system or other stand-alone program installed on that device or within that partition.

2. Master boot record: It is the first sector of a data storage device that has been partitioned. It contains code to locate the active partition and to invoke its volume boot record. A master boot record contains the following structures:

- Master partition table: It is a small bit of code that contains a complete description of the partitions that are contained on the storage device.

- Master boot code: A small bit of computer code loaded and executed by the BIOS to start the boot process. The BIOS (Basic Input/Output System) is the program a PC's microprocessor uses to get the computer system started after a user turns it on.


Write down the basic system boot process:

After the computer's power is turned on, it goes through a number of steps (11):

1. The system clock generates a series of clock ticks, which initializes the CPU.

2. The CPU looks to the system's startup program in the ROM BIOS for its first instruction.

3. The first instruction is to run the power-on self test (POST), in a predetermined memory address.

4. POST checks the BIOS chip and then tests CMOS RAM (complementary metal-oxide semiconductor) memory, which holds the system date, time, and setup parameters.

5. If there is no battery failure, POST checks the inventoried hardware devices such as the video card; secondary storage devices, such as hard drives and floppy drives; ports; and other hardware devices, such as the keyboard and mouse, to check whether they are functioning properly.

6. CPU initialization is completed if everything is fine.

7. The BIOS looks into the CMOS chip to find the drive where the OS is installed.

8. The BIOS then checks the boot record of the drive to find the beginning of the OS and the subsequent program file that initializes the OS.

9. The BIOS copies its files into memory after OS initialization.

10. The OS takes over control of the boot process.

11. The OS performs another inventory of the system's memory and memory availability, and loads the device drivers that it needs to control the peripheral devices, such as a printer, scanner, optical drive, mouse, and keyboard.


What is a kernel?

The kernel is the principal part of an OS that loads first and is stored in physical memory (RAM).


Explain the Mac OS X boot process:

The boot process in Mac OS X depends on 3 important parts: Mac's Open Firmware, the boot loader, and the typical Mac OS X boot sequence. The firmware is not part of Mac OS X, but it plays an important role in the operation of the machine and is useful in debugging.

Firmware: the software programs or instructions stored in the read-only memory (ROM) of a hardware device that provide the necessary instructions during the boot process for the computer to find the installed operating system and continue to boot up.

1. Firmware is the first operation to execute when a computer powers on. Open Firmware looks for hardware installed on the computer to initialize the boot drive. Open Firmware then loads a file of type tbxi (Boot X, the default boot loader for Mac OS X) from the boot partition of the hard drive and executes it. This file contains information about booting. Open Firmware can directly load ELF, XCOFF, and bootinfo. Boot X reads the root partition out of NVRAM. Control then passes to /System/Library/CoreServices/BootX, the boot loader. Boot X copies Mac OS X device drivers from the boot partition into memory and disables all address translations. It loads the kernel. At this time, Open Firmware is no longer accessible.

2. The init routine of the kernel executes.

3. The kernel determines the root device of the booting system.

4. The kernel initializes Mach/BSD data structures.

5. The kernel initializes I/O Kit.

6. The kernel starts /sbin/mach_init. This process maintains mappings between service names and the Mach ports that provide access to those services.

7. After the kernel processes have started, the following user-level steps take place:

* The mach_init process starts /sbin/init, the traditional BSD init process. The init process determines the run level and runs /etc/rc.boot, which sets up the machine enough to run in single-user mode. The rc.boot process determines the type of boot, which could be multiuser, safe, CD-ROM, network, and so on. Ex: if it sets the sysctl variable kern.netboot, then it is a network boot. The process /etc/rc.netboot handles various aspects of network booting; for instance, it performs network and (if any) local mounts. The process rc.boot checks to see if any file systems require a consistency check.

* Single-user and CD-ROM boots do not run fsck. Safe mode always runs fsck. The rc.boot process handles the return status of fsck.

* The /etc/rc process finally launches /sbin/SystemStarter, which handles the startup items. These items are located in /System/Library/StartupItems and /Library/StartupItems.

8. Finally, the Mac OS X desktop is loaded with login windows by default, and the login window application under /System/Library/CoreServices is executed for the console device. The user can put the system into non-graphical login mode using /etc/ttys.


What is the role of a boot loader in booting?

A boot loader or boot manager is a program that loads the OS into a computer's memory when the system is booted. Multiple-stage boot loaders, where a number of small programs call each other and the last program loads the OS, are common.


Explain the Windows 7 boot process:

After the power supply is switched on, a computer running Windows 7 goes through the following steps:

1. The power-on self-test (POST) begins.

2. The POST then checks for BIOS on each adapter card.

3. POST then reads the master boot record (MBR).

4. The MBR assumes control of the boot process and starts the BOOTMGR.

5. The BOOTMGR reads the Boot Configuration Data file to determine which operating system to load and where the OS is found on the boot partition.

6. BOOTMGR then initiates WINLOADER.EXE to load the essential system files NTOSKRNL.EXE and HAL.DLL.

7. BOOTMGR then reads the registry files and loads all required device drivers.

8. NTOSKRNL.EXE then starts WINLOGIN.EXE and displays the graphical user interface (GUI) Windows login screen.


Briefly explain the purpose of the BIOS

The program a PC's microprocessor uses to get the computer system started after a user turns it on; it also manages data flow between the computer's OS and attached devices such as the hard disk, video adaptor, keyboard, mouse, and printer.


Briefly explain the purpose of the CMOS

The semiconductor technology used in the transistors that are manufactured for most of today's computer microchips; computers contain a small amount of battery-powered CMOS memory to hold the date, time, and system setup parameters.


Explain the difference between a cold boot (hard boot) and a warm boot (soft boot):

Rebooting a computer through the menu option or the keystroke combination is sometimes referred to as a warm boot (soft boot), whereas simply pressing the computer's power button once to turn it off and then again to turn it back on is a cold (hard) boot.