Topics covered in this video:
- Windows booting workflow 00:45, 08:37
- MBR (Master Boot Record) 03:00
- MBR vs. Boot Sector 04:33
- MBR anatomy 05:04
- MBR live demonstration with PowerForensics Module 05:49
- BCD (Boot Configuration Database) 10:14
- BCD Terminology 12:40
- BCD, Serial Console and use cases on Azure 14:53
In this video you will learn how the Windows boot process works, what part the BCD and the MBR play in it, what the MBR is, and how you can inspect it on your own machine.
BCD is to Windows what GRUB is to Linux (both are boot manager/loader abstractions): it stores the boot parameters and settings. If you want to enable EMS (for Serial Console access on Azure), or force Windows to boot into Safe Mode when you cannot do so from within the OS, you need to make the change in the system BCD store.
Changes to the BCD can be made live on the system while it is still accessible, or offline by attaching a copy of the OS disk to a working VM and making the changes in that disk's store.
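The two ways of editing the store described above, live and offline, as an added example that is not part of the video or the PowerForensics project. It drives the built-in bcdedit tool from an elevated PowerShell prompt; the offline path of the attached disk's store (F:\Boot\BCD) is a placeholder you must replace with the letter your repair VM assigned to that partition.

```powershell
# Added example (not from the video): inspect and edit a BCD store with bcdedit.
# Live mode operates on the running system's store; offline mode operates on a
# store file inside an OS disk attached to a repair VM.
# Assumptions: run elevated; F:\Boot\BCD is a placeholder for the offline store
# (BIOS/MBR disks keep it at <system partition>\Boot\BCD, UEFI disks at
# <EFI system partition>\EFI\Microsoft\Boot\BCD).
param(
    [string]$StorePath = '',      # empty = live system store
    [switch]$EnableEms,           # enable EMS for Azure Serial Console
    [switch]$SafeBoot,            # force the next boot into Safe Mode (minimal)
    [switch]$UndoSafeBoot         # remove the safeboot value after the repair
)

# Common /store prefix; an empty array means "live system store".
$store = @()
if ($StorePath) {
    if (-not (Test-Path -LiteralPath $StorePath)) {
        throw "BCD store not found: $StorePath"
    }
    $store = @('/store', $StorePath)
}

# Always keep a copy before changing anything, so the store can be restored.
$stamp = '{0:yyyyMMdd-HHmmss}' -f (Get-Date)
if ($StorePath) {
    # Offline: the store is just a file, copy it next to itself.
    Copy-Item -LiteralPath $StorePath -Destination "$StorePath.bak-$stamp"
} else {
    # Live: bcdedit exports the system store to a file.
    bcdedit /export (Join-Path $env:TEMP "BCD-backup-$stamp")
}

# 1. Inspect: every object (boot manager, OS loader entries) and its settings.
bcdedit @store /enum all

# {current} is meaningless on an offline store, so address {default} instead
# (or a specific {GUID} copied from the /enum output above).
$entry = '{default}'

# 2. Azure Serial Console: EMS on the loader entry and on the boot manager.
if ($EnableEms) {
    bcdedit @store /ems $entry on
    bcdedit @store /emssettings 'EMSPORT:1' 'EMSBAUDRATE:115200'
    bcdedit @store /bootems '{bootmgr}' on
}

# 3. Safe Mode for a VM that cannot reach msconfig or the boot menu. The value
#    persists, so remove it again once the repair is done.
if ($SafeBoot) {
    bcdedit @store /set $entry safeboot minimal
}
if ($UndoSafeBoot) {
    bcdedit @store /deletevalue $entry safeboot
}

# 4. Verify: the loader entry should now show ems / safeboot as configured.
bcdedit @store /enum $entry
```

Usage on the live system: `.\Edit-Bcd.ps1 -EnableEms`; on an attached OS disk: `.\Edit-Bcd.ps1 -StorePath F:\Boot\BCD -SafeBoot`, then after the disk is swapped back and the repair is finished, `.\Edit-Bcd.ps1 -UndoSafeBoot` on the booted machine. The backup step matters because a broken loader entry leaves the VM unbootable, which is exactly the situation the offline method exists to recover from.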
More info about the included topics:
01. Disassembly of the MBR in detail: www.dewassoc.com/kbase/hard_dr... or here: web.archive.org/web/201708250...
02. MBR Malware: www.symantec.com/connect/blog...
03. PowerForensics PS Module: github.com/Invoke-IR/PowerFor...