
Sec B Ccif

Digital forensics involves collecting, analyzing, and preserving digital evidence from various electronic devices. The history of digital forensics began in the late 1900s with law enforcement analyzing computers, and standards were established in the early 2000s. The process involves identifying sources of evidence, preserving data, analyzing the data, documenting findings, and presenting evidence in court. Challenges include extracting data from locked devices and tracking data within large amounts of information.

Digital forensics is the process of storing, analyzing, retrieving, and preserving electronic
data that may be useful in an investigation. It includes data from hard drives in computers,
mobile phones, smart appliances, vehicle navigation systems, electronic door locks, and other
digital devices. The goal of digital forensics is to collect, analyze, and preserve
evidence.

History of Digital Forensics

The following is a brief history of digital forensics:

The term "digital forensics" is relatively new, having first appeared in the late 1900s after
being known as "computer forensics." The first group of computer forensic analysts consisted
of law enforcement officers who enjoyed playing with computers. The Federal Bureau of
Investigation (FBI) established the Computer Analysis and Response Team (CART) in 1984,
followed by the Metropolitan Police in the United Kingdom a year later.

At the turn of the century, law enforcement, investigators, and specialists recognized the need
for standard techniques, procedures, and protocols in digital forensics and other forensic
sciences. Many informal guidelines were used until discussions and conferences were held to
establish computer forensic methodology and practices on what computer forensics is today.

Steps of Digital Forensics

Now that you understand what digital forensics is, let’s look at its steps:

• Identification

This is the initial stage in which the individuals or devices to be analyzed are identified as
likely sources of significant evidence.

• Preservation

It focuses on safeguarding relevant electronically stored information (ESI) by capturing and
preserving the crime scene, documenting relevant information such as visual images, and
how it was obtained.

• Analysis

It is a methodical examination of the evidence of the information gathered. This examination
produces data objects, including system and user-generated files, and seeks specific answers
and points of departure for conclusions.

• Documentation

These are tried-and-true procedures for documenting the analysis's conclusions, and they
must allow other competent examiners to read through and duplicate the results.

• Presentation

The collection of digital information, which may entail removing electronic devices from the
crime/incident scene and copying or printing the device(s), is critical to the investigation.

Objectives of Digital Forensics

Knowing the primary objectives of using digital forensics is essential for a complete
understanding of what digital forensics is:

• It aids in the recovery, analysis, and preservation of computers and related
materials for the investigating agency to present them as evidence in a court of law

• It aids in determining the motive for the crime and the identity of the primary
perpetrator

• Creating procedures at a suspected crime scene to help ensure that the digital
evidence obtained is not tainted

• Data acquisition and duplication: The process of recovering deleted files and
partitions from digital media in order to extract and validate evidence

• Assists you in quickly identifying evidence and estimating the potential impact of
malicious activity on the victim

• Creating a computer forensic report that provides comprehensive information on
the investigation process

• Keeping the evidence safe by adhering to the chain of custody

Types of Digital Forensics

As digital data forensics evolves, several sub-disciplines emerge, some of which are listed
below:

• Computer Forensics

It analyzes digital evidence obtained from laptops, computers, and storage media to support
ongoing investigations and legal proceedings.

• Mobile Device Forensics

It entails obtaining evidence from small electronic devices such as personal digital assistants,
mobile phones, tablets, SIM cards, and gaming consoles.

• Network Forensics

Network or cyber forensics depends on the data obtained from monitoring and analyzing
cyber network activities such as attacks, breaches, or system collapse caused by malicious
software and abnormal network traffic.

• Digital Image Forensics

This sub-specialty focuses on the extraction and analysis of digital images to verify
authenticity and metadata and determine the history and information surrounding them.

• Digital Video/Audio Forensics

This field examines audio-visual evidence to determine its authenticity or any additional
information you can extract, such as location and time intervals.

• Memory Forensics

It refers to the recovery of information from a running computer's RAM and is also known as
live acquisition.

Challenges Faced by Digital Forensics

Due to the evidentiary nature of digital forensic science, rigorous standards are required to
withstand cross-examination in court. Challenges faced by digital forensics are:

• Extracting data from locked or destroyed computing devices is one of the
challenges that digital forensic investigators face

• Finding specific data entries within massive amounts of data stored locally or in
the cloud

• Keeping track of the digital chain of custody

• Ensuring data integrity throughout an investigation

Advantages of Digital Forensics

The following are some advantages of digital forensics:

• Enables Digital Evidence Analysis

Computer forensics uses investigation and analysis techniques to collect and preserve
evidence from a specific computing device to present it in court.

• Aids in the Identification of Criminals

Law enforcement officers can frequently track down suspects and piece evidence together to
prosecute them by analyzing data on computers and other digital devices.

• It Is Capable of Recovering Deleted Data

One advantage of using computer forensics to recover deleted data is that it is relatively
simple to do. Most of the time, all you need is the right software and a little know-how.

• Enlightens on How Crimes Are Committed

Computer forensics can shed light on how crimes are committed by analyzing digital
evidence.

• It Has the Potential to Be Used to Prevent Future Crimes

Law enforcement can better target their investigative efforts if they understand
how criminals use computers to commit crimes.

Disadvantages of Digital Forensics


The following are some disadvantages of digital forensics:

• Prolonged Procedure

Computer forensics is a lengthy process. Data collection and analysis can take days or weeks.

• Requires Specialized Knowledge and Skills

Computer forensics is a process that collects, examines, and reports digital evidence using
specialized skills and knowledge.

• Can Be Costly

Computer forensics can be costly because it requires specialized equipment and software and
is frequently performed by a specialist.

• Obtaining Evidence May Necessitate a Court Order

Obtaining the evidence may necessitate a court order. It means there could be a delay in
getting the evidence, giving the perpetrator time to destroy or tamper with it.

• Evidence Can Be Easily Destroyed or Manipulated

One of the most severe issues with computer forensics is the ease with which evidence can be
destroyed or tampered with. Even if investigators successfully recover deleted files or
damaged hard drives, there is no guarantee that the evidence has not been tampered with.

Overview of Forensic Psychology


Forensic psychology is a field that combines the practice of psychology and the law by
utilizing psychological expertise within the justice system. Forensic psychology may
encompass evaluating competency to stand trial, making sentencing recommendations,
offering expert testimony, performing child custody evaluations, participating in jury
selection, and providing psychotherapy to criminal offenders.

The word 'forensic' originates from the Latin word 'forensis,' which means "the forum," or the
court system of Ancient Rome. The American Board of Forensic Psychology describes this
field as the application of psychology to issues that involve the law and legal system.[1]

Interest in forensic psychology has grown significantly in recent years. Increasing numbers
of graduate programs offer dual degrees in psychology and law, while others provide
specialization in forensic psychology.

Some psychologists hold a specialist degree in forensic psychology, but most are licensed
psychologists with either a PhD or PsyD. These professionals may work in both criminal and
civil law areas.

History
While forensic psychology is considered a rather new specialty area within psychology, the
field dates back to the earliest days in psychology's history. Philosophers and scientists have
long sought to understand what makes people commit crimes, behave aggressively, or engage
in antisocial behaviors.

Forensic psychology is a relatively new specialty area. In fact, forensic psychology was just
officially recognized as a specialty area by the American Psychological Association in 2001.[2]
Despite this, the field of forensic psychology has roots that date back to Wilhelm
Wundt's first psychology lab in Leipzig, Germany.

Today, forensic psychologists are not only interested in understanding why such behaviors
occur, but also in helping minimize and prevent such actions.

The field has experienced dramatic growth in recent years as more and more students become
interested in this applied branch of psychology.[2] Popular movies, television programs, and
books have helped popularize the field, often depicting brilliant heroes who solve vicious
crimes or track down killers using psychology.

While depictions of forensic psychology in popular media are certainly dramatic and
attention-grabbing, these portrayals are not necessarily accurate. That said, forensic
psychologists do play an important role in the criminal justice system. It can be an exciting
career for students interested in applying psychological principles to the legal system.

What Do They Do?


If you enjoy learning about the science of human behavior and the law, then forensic
psychology will probably interest you quite a bit. The field has witnessed dramatic growth in
recent years, as more and more students become interested in this applied branch of
psychology. However, forensic psychology is about much more than the glamorized views
portrayed in television shows, movies, and books.

Common Job Roles

Some of the functions typically performed within forensic psychology include:[3]

• Competency evaluations
• Sentencing recommendations
• Evaluations of the risk of reoffending
• Testimony as an expert witness
• Child custody evaluations
• Academic research on criminality
• Consult with law enforcement
• Treatment of criminal offenders
• Provide psychological services to inmates and offenders
• Trial consultants who help with jury selection, witness preparation, or legal strategies
• Design correctional programs

Forensic psychology is defined as the intersection of psychology and the law, but forensic
psychologists can perform many roles, so this definition can vary.

In many cases, people working in forensic psychology are not necessarily "forensic
psychologists." These individuals might be clinical psychologists, school psychologists,
neurologists, or counselors who lend their psychological expertise to provide testimony,
analysis, or recommendations in legal or criminal cases.

For example, a clinical psychologist might provide mental health services such as assessment,
diagnosis, and treatment to individuals who have come into contact with the criminal justice
system. Clinicians might be asked to determine if a suspected criminal has a mental illness, or
they may be asked to provide treatment to individuals who have substance abuse and
addiction issues.

Another example is that of a school psychologist. While people in this profession typically
work with children in school settings, a school psychologist working in forensic psychology
might evaluate children in suspected abuse cases, help prepare children to give testimony in
court, or offer testimony in child custody disputes.

Education and Training


Forensic psychology is not a common degree option, yet more and more schools are offering
it as a specialty. If you are interested in becoming a forensic psychologist, you should take
courses that focus on topics such as:

• Criminal psychology
• Social behavior
• Abnormal behavior
• Cognitive psychology
• Perception
• Drugs and psychopharmacology
• Law
• Criminal justice

Criminal Profiling
The ultimate goal of cyber-criminal profiling is to help in identifying or determining the real
identity of individual attackers or an attacker group involved in cyber-crimes by identifying
their characteristics, their tools and their relationships.

With the increase in the number of crimes in cyberspace, the detection, investigation and
apprehension of cybercriminals have become comparatively difficult. Changing
methods and interdisciplinary approaches can assist the criminal justice
system.

Profiling is a systemic linking of physical, behavioural, or psychological characteristics to
specific offences and their use as a basis for making law enforcement decisions. The goal of
profiling is to aid the criminal justice system in battling against crime and to provide a social and
psychological assessment of the offender and a psychological evaluation of belongings found in
the possession of the offender.

Criminal profiling, an investigative approach, is based on the assumption that the crime scene
provides details about the offence and the offender. The term “offender profiling” was
introduced in the 1970s, linked to the activities of the FBI analysis unit. Initially, criminal
profiling was used for serial murders, but the boundaries of research expanded and are now
linked to various criminal offences such as rape, torture, murder, terrorism, cybercrime, etc.
Historically, the prominent uses of criminal profiling involved famous cases such as Jack the
Ripper and Adolf Hitler. In the criminal profiling timeline, profiling as an investigative tool
had not been introduced in a courtroom until 1998 (FBI).

Cybercrime is a broad term that covers any criminal activity that involves a computer or the
Internet. People who commit cybercrime can be termed cybercriminals. Website hijacking,
phishing, credential attacks, malware attacks, DDoS, information theft, etc. are all broad types
of cyber-attacks. The cost of a cyber-attack is huge. For example, the Denial of Service
(DoS) attack in 2000 caused huge financial damage to companies such as Amazon, eBay,
Dell, and CNN.

Virtual Crime Scene: The computer and the Internet can each be seen as a virtual crime scene.
Steps taken at a physical crime scene can also be associated with a virtual
environment.

A cyber trail is considered a virtual version of a signature left at a crime scene. Such
evidence leads us to link the suspect to a computer crime/virtual crime scene. The possibility
of links between cybercrime investigations will also reduce the number of unsolved cyber
cases. Investigators can connect each attack in the separate companies to one hacker/hacker
group due to the cyber trail they might leave behind. Cybercrime cases that involve multiple
victims tend to leave a cyber trail that can accidentally connect their work with another
cybercrime investigation.

Criminal profiling means a lot to investigators. It allows investigators to link the motive,
character, acts and behavior of the offender. Although it primarily focuses on serial violent
offenses such as sexual assaults and murders, changes in technology have increased the
emphasis on and interest in applying it to cybercrime. Most cybercrimes are by nature serial in
that the offender habituates their behavior and commits multiple offenses. From this, signature
and modus operandi can be drawn. For example, analysis of indicators of the attack’s “digital
crime scene” can determine the computer hacker’s intrusion activity and provide investigators with
insight. As such, it is an important method when it comes to classifying criminal
investigations. When an investigator uses profiling as the method to solve a criminal case, it
is always important to see the scene of the crime and find the traces and evidence that a criminal leaves
at the crime scene. This way, the profiler can make a good profile of the offender.

Criminal profiling, or profiling a criminal, is a popular investigative technique where
psychological achievements are also used. Criminal profiling is often reflected in detective
films: by analyzing the features of a criminal offense, the investigator makes assumptions about what a
potential criminal might be. For example, a murderer is a man, perhaps a young, powerful,
utterly cruel, living one, and so on. A criminal profile is a set of basic features of a person’s
character. The informal process of criminal profiling has a long history. The various sources
show different indications, such as the reference to the 15th century, but others that the
method was already used in 1880 to make predictions about a serial killer. While some
experts are discussing the effectiveness of this method, it has been used successfully in law
enforcement practices for more than a century. At the end of the 20th century and in the 21st
century, the method of criminal profiling was successfully applied by law enforcement
authorities. Criminal profiling is typically used in crimes where the offender’s identity is
unknown. Nowadays there are two types of criminal profiling: the deductive and inductive
approaches.

Inductive profiling involves the application of statistical and probabilistic knowledge to a
current case, and the source of this information is usually criminological studies, the profiler's
own experience, intuition, bias, stereotypes, and generalizations. The strength of the
conclusion reached through inductive profiling is contingent on the probability of the
knowledge or research that has been utilized. It is found that although useful in developing
hypotheses, induction is not well suited to the final determination of offender characteristics.

It is observed that deductive profiling involves the assessment of the physical material
relating to the current case. Deductive profiling analyzes the evidence in the context of the
case. Sound reasoning and critical thinking skills are applied to arrive at a logical conclusion.
It is suggested that once the case has been thoroughly examined and hypotheses have been
generated, then the profiler can attempt to provide a behavioral interpretation of the physical
evidence. Apart from the practical implications, through an increased awareness of the logic
and reasoning employed in the profiling process, one will also be better able to understand
the individual methods and the utility they offer.

What is an operating system?


An operating system (OS) is the program that, after being initially loaded into the computer
by a boot program, manages all of the other application programs in a computer. The
application programs make use of the operating system by making requests for services
through a defined application program interface (API). In addition, users can interact directly
with the operating system through a user interface, such as a command-line interface (CLI) or
a graphical UI (GUI).

Why use an operating system?
An operating system brings powerful benefits to computer software and software
development. Without an operating system, every application would need to include its own
UI, as well as the comprehensive code needed to handle all low-level functionality of the
underlying computer, such as disk storage, network interfaces and so on. Considering the vast
array of underlying hardware available, this would vastly bloat the size of every application
and make software development impractical.

Instead, many common tasks, such as sending a network packet or displaying text on a
standard output device, such as a display, can be offloaded to system software that serves as
an intermediary between the applications and the hardware. The system software provides a
consistent and repeatable way for applications to interact with the hardware without the
applications needing to know any details about the hardware.

As long as each application accesses the same resources and services in the same way, that
system software -- the operating system -- can service almost any number of applications.
This vastly reduces the amount of time and coding required to develop and debug an
application, while ensuring that users can control, configure and manage the system hardware
through a common and well-understood interface.

What is the Windows registry?


The Windows registry is a centralized, hierarchical database that manages resources and
stores configuration settings for applications on the Windows operating system. Security
account services, user interfaces, and device drivers can all use the Windows registry. It also
helps monitor system performance and diagnose system errors.
The Windows registry has been in use since Windows 95, and it’s also used to help configure
programs in Windows XP, Vista, Windows 7, and all the way up to Windows 10 and
Windows 11.
Windows computers used to use a number of individual config files — such as autoexec.bat,
config.sys, and .ini files — but with the release of Windows 95, those were replaced with an
organized, hierarchical folder system. You can access the Windows registry by typing regedit
in the Windows taskbar.

Because the Windows registry controls important configuration settings on your
computer, you shouldn’t try to access or edit it without knowing exactly what you’re
doing.

What is regedit used for?

Regedit is the Windows registry editor, a graphical tool that lets you view and monitor the
Windows operating system’s registry and edit if necessary. Regedit lets you make root-level
or administrative-level changes to your computer and the configuration settings of
applications that connect to the registry, so you should be very careful when using it.
Only authorized users with administrative access can use the regedit tool — if you’re using a
work computer you may not have admin rights.

How does the Windows registry work?

The registry helps Windows manage and operate your computer, ensuring access to critical
resources and helping important programs configure settings. A hierarchical database
structure of keys and values makes up the registry.
Registry keys are containers that act like folders, with values or subkeys contained within
them. Registry values are similar to files (not containers). The relatively straightforward
syntax and simple user interface keep the size of the registry low.
Not all applications use the registry. Some apps use XML files or local executable files to
store their settings. If you uninstall a program, you usually delete its settings from the registry
— but not always. Sometimes, even after you uninstall an app, certain configurations or other
settings stick around. In those cases, it helps to remove the junk from your PC.
The main branches of the registry are called hives. And most PCs have five of them. All the
folders in the registry are called keys except for these five hives. The hives in the Windows
registry have the following names:

HKEY_CLASSES_ROOT — keeps track of default file associations. This is how your
computer knows to open a Word (doc) file.

HKEY_CURRENT_USER — contains settings specific to your username in Windows.

HKEY_LOCAL_MACHINE — contains passwords, boot files, software installation files,
and security settings. This hive is abbreviated as HKLM and is the most critical hive.

HKEY_USERS — like the CURRENT_USER hive, except it’s for when more than one user
is logged onto the server or computer.

HKEY_CURRENT_CONFIG — a real-time measurement of different hardware activities.
Information in this hive isn’t saved permanently to the registry.

Inside these hives are more folders called keys. Keys contain values, which are the settings
themselves. Key settings are very granular, consisting of numbers and codes that dictate, for
example, how fast a letter repeatedly appears on your screen when you hold down its key.
You likely rarely think about those kinds of settings, but they need to be specified. And
Windows registry keys and values are where those definitions are stored.
[Figure: the registry editor in Windows 10, showing individual, detailed color settings]

The registry offers a significant amount of system customization, but you should back up
your system before you edit the registry. Whether you have the best possible Windows 10
gaming PC or if your laptop is a low-powered work computer, the registry is equally
important and should be fiddled with only when absolutely necessary.

When to use the Windows registry


You may need to use the Windows registry to fix performance issues, like if your computer
keeps crashing. Or, you might want to edit the registry to change parts of your user
experience, like your desktop settings. Sometimes, items in your registry might be broken, in
which case you should use a registry cleaner from a trusted software provider.
Before making any changes, always create a backup of the registry — a backup doesn’t take
up much space and will save you in case something goes wrong.

Registry errors can happen when keys or values aren’t found in their usual place. A power cut
can make part of the registry go unsaved, upsetting the hierarchical structure. More
urgently, malware might have gained access to your registry. If you think that’s happened,
use malware removal software immediately. For real-time, comprehensive security,
download free antivirus for Windows 10 or Windows 11.
The granular nature of registry values means you can customize your experience far beyond
what’s possible in the normal settings menu. In fact, if you’re an expert user, you can edit the
Windows registry to try to speed up your PC.
Of course, if you have broken registry items or junk clogging up your system, you should
first try using one of the best PC cleaning tools out there. Even simply deleting your
temporary files can help.
Since the registry is critical to system performance, your computer can malfunction quickly if
items get jumbled there. Using a trusted PC optimization tool will help tidy things up,
without the risk that comes with trying to edit the registry yourself.
Avast Cleanup clears out the clutter that builds up in the registry, ensuring your computer
stays streamlined and runs smoothly. And it has an automatic maintenance feature, so after
you install it, you don’t have to worry about fiddling with any settings.

Booting in Operating System


Booting is the process of starting a computer. It can be initiated by hardware such as a button
press or by a software command. After it is switched on, a CPU has no software in its main
memory, so some processes must load software into memory before execution. This may be
done by hardware or firmware in the CPU or by a separate processor in the computer system.

Restarting a computer also is called rebooting, which can be "hard", e.g., after electrical
power to the CPU is switched from off to on, or "soft", where the power is not cut. On some
systems, a soft boot may optionally clear RAM to zero. Hard and soft booting can be initiated
by hardware such as a button press or a software command. Booting is complete when the
operative runtime system, typically the operating system and some applications, is attained.

The process of returning a computer from a state of sleep does not involve booting; however,
restoring it from a state of hibernation does. Minimally, some embedded systems do not
require a noticeable boot sequence to begin functioning and, when turned on, may run
operational programs that are stored in ROM. All computer systems are state machines and a
reboot may be the only method to return to a designated zero-state from an unintended,
locked state.

In addition to loading an operating system or stand-alone utility, the boot process can also
load a storage dump program for diagnosing problems in an operating system.

Sequencing of Booting
Booting is a start-up sequence that starts the operating system of a computer when it is turned
on. A boot sequence is the initial set of operations that the computer performs when it is
switched on. Every computer has a boot sequence.

1. Boot Loader: Computers powered by the central processing unit can only execute code
found in the system's memory. Modern operating systems and application program code and
data are stored on nonvolatile memories. When a computer is first powered on, it must
initially rely only on the code and data stored in nonvolatile portions of the system's memory.
The operating system is not really loaded at boot time, and the computer's hardware cannot
perform many complex systems actions.

The program that starts the chain reaction that ends with the entire operating system being
loaded is the boot loader or bootstrap loader. The boot loader's only job is to load other
software for the operating system to start.

2. Boot Devices: The boot device is the device from which the operating system is loaded.
A modern PC BIOS (Basic Input/Output System) supports booting from various devices.
These include the local hard disk drive, optical drive, floppy drive, a network interface card,
and a USB device. The BIOS will allow the user to configure a boot order. If the boot order is
set to:

o CD Drive
o Hard Disk Drive
o Network

The BIOS will try to boot from the CD drive first, and if that fails, then it will try to boot
from the hard disk drive, and if that fails, then it will try to boot from the network, and if that
fails, then it won't boot at all.

3. Boot Sequence: There is a standard boot sequence that all personal computers use. First,
the CPU runs an instruction in memory for the BIOS. That instruction contains a jump
instruction that transfers to the BIOS start-up program. This program runs a power-on
self-test (POST) to check that the devices the computer will rely on are functioning properly. Then,
the BIOS goes through the configured boot sequence until it finds a bootable device. Once
the BIOS has found a bootable device, it loads the boot sector and transfers execution to it.
If the boot device is a hard drive, that boot sector will be a master boot record (MBR).

The MBR code checks the partition table for an active partition. If one is found, the MBR
code loads that partition's boot sector and executes it. The boot sector is often operating
system specific; however, in most operating systems, its main function is to load and
execute the operating system kernel, which continues start-up. If there is no active
partition, or the active partition's boot sector is invalid, the MBR may load a
secondary boot loader, which will select a partition and load its boot sector, which usually
loads the corresponding operating system kernel.
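The check the MBR code performs can be reproduced when examining the first sector of a disk image. The following is an added example, not part of the original notes: it parses the four partition table entries of a classic 512-byte MBR, reports which slot is marked active, and flags anomalies an examiner would record. The function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # partition table follows 446 bytes of boot code
ENTRY_SIZE = 16           # four 16-byte entries
SIGNATURE = b"\x55\xaa"   # boot signature at bytes 510-511
ENTRY_FMT = "<B3xB3xII"   # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Return (signature_ok, entries) for a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    signature_ok = sector[510:512] == SIGNATURE
    entries = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        status, ptype, lba_start, count = struct.unpack(
            ENTRY_FMT, sector[start:start + ENTRY_SIZE])
        if ptype == 0x00:     # type 0x00 marks an unused slot
            continue
        entries.append({"slot": slot, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": count})
    return signature_ok, entries

def boot_findings(sector):
    """Return (slot the MBR code would boot or None, list of anomalies)."""
    signature_ok, entries = parse_mbr(sector)
    findings = []
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    active = [e for e in entries if e["active"]]
    if len(active) > 1:
        findings.append("more than one active partition")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}")
    boot_slot = active[0]["slot"] if signature_ok and len(active) == 1 else None
    return boot_slot, findings

def build_sample_mbr():
    """Constructed sample: slot 0 inactive (type 0x07), slot 1 active (type 0x83)."""
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack(ENTRY_FMT, 0x00, 0x07, 2048, 204800)
    sector[462:478] = struct.pack(ENTRY_FMT, 0x80, 0x83, 206848, 409600)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    print(boot_findings(build_sample_mbr()))
```

On a real case, the 512 bytes would be read from a write-blocked image of the disk rather than from the live device.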

Types of Booting
There are two types of booting in an operating system.

1. Cold Booting: When the computer starts for the first time, or is in a shut-down state
and the power button is switched on to start the system, the process of starting the
computer is called cold booting. During cold booting, the system reads all the
instructions from the ROM (BIOS) and the operating system is automatically
loaded into the system. This booting takes more time than Hot or Warm Booting.
2. Warm Booting: Warm or Hot Booting is the process in which a computer system reaches a
no-response or hang state and is then restarted while it is still powered on.
It is also referred to as rebooting. There are many reasons for this state, and the only
solution is to reboot the computer. Rebooting may be required when we install new
software or hardware. The system requires a reboot to apply software or hardware
configuration changes, or sometimes systems may behave abnormally or may not
respond properly. In such a case, the system has to be force restarted. Most
commonly, the Ctrl+Alt+Del key combination is used to reboot the system. Otherwise, in some systems,
an external reset button may be available to reboot the system.

Booting Process in Operating System


A computer can be switched on by hardware, such as a button press, or by a
software command. At that point the computer's central processing unit (CPU) has no software in its main
memory, so some process must load software into main memory before it can be
executed. The six steps below describe the boot process in the operating system:

Step 1: Once the computer system is turned on, the BIOS (Basic Input/Output System)
performs a series of activities or functionality tests, using programs stored in ROM, called
the POST (Power-on Self Test), which checks whether the peripherals in the system are in
perfect order or not.

Step 2: After the BIOS is done with the pre-boot activities or functionality test, it reads the boot
sequence from CMOS (Complementary Metal-Oxide-Semiconductor) and looks for the master boot
record in the first physical sector of the bootable disk, following the boot device sequence specified
in CMOS. For example, if the boot device sequence is:

o Floppy Disk
o Hard Disk
o CDROM

Step 3: After this, the master boot record is searched for first on the floppy disk drive. If it is not found there,
the hard disk drive is searched for the master boot record. If the master boot record
is not present on the hard disk either, the CDROM drive is searched. If the system cannot
read the master boot record from any of these sources, ROM displays "No Boot device
found" and halts the system. On finding the master boot record on a particular bootable
disk drive, the operating system loader, also called the bootstrap loader, is loaded from the boot
sector of that bootable drive into memory. A bootstrap loader is a special program that is
present in the boot sector of a bootable drive.

Step 4: The bootstrap loader first loads the IO.SYS file. After this, the MSDOS.SYS file is
loaded, which is the core file of the DOS operating system.

Step 5: After this, the MSDOS.SYS file searches for the Command Interpreter
in the CONFIG.SYS file, and when it finds it, loads it into memory. If no Command Interpreter is
specified in the CONFIG.SYS file, the COMMAND.COM file is loaded as the default
Command Interpreter of the DOS operating system.

Step 6: The last file to be loaded and executed is the AUTOEXEC.BAT file, which contains a
sequence of DOS commands. After this, the prompt is displayed. We can see the drive letter
of the bootable drive displayed on the computer system, which indicates that the operating
system has been successfully loaded on the system from that drive.

What is Dual Booting


When two operating systems are installed on one computer system, it is called dual
booting. Multiple operating systems can be installed on such a system. To determine which
operating system to boot, a boot loader that understands multiple file systems and multiple
operating systems can occupy the boot space.

Once loaded, it can boot one of the operating systems available on the disk. The disk can
have multiple partitions, each containing a different type of operating system. When a
computer system turns on, a boot manager program displays a menu, allowing the user to
choose the operating system to use.
