6 RECONSTRUCTING SYSTEM BOOT AND INITIALIZATION

This chapter covers the forensic analysis of the Linux system boot and initialization process. We’ll examine the early boot stages where the BIOS or UEFI firmware passes control to the bootloader, the loading and execution of the kernel, and the systemd initialization of a running system. Also included here is the analysis of power management activities like sleep and hibernation, and the final shutdown process of the system.

Analysis of Bootloaders

Traditional PCs used a BIOS (basic input/output system) chip to run code from the first sector of a disk to boot the computer. This first sector is called the ...

Get Practical Linux Forensics now with the O’Reilly learning platform.