How can you make sure a subject’s computer boots to a forensic floppy disk or CD?

What will be an ideal response?

ANSWER: When a subject’s computer starts, you must make sure it boots to a forensically configured CD, DVD, or USB drive, because booting to the hard disk overwrites and changes evidentiary data. To do this, you access the CMOS setup by monitoring the computer during the bootstrap process to identify the correct key or keys to use. The bootstrap process, which is contained in ROM, tells the computer how to proceed. As the computer starts, the screen usually displays the key or keys, such as the Delete key, you press to open the CMOS setup screen. You can also try unhooking the keyboard to force the system to tell you what keys to use. The key you press to access CMOS depends on the computer’s BIOS.

If necessary, you can change the boot sequence so that the OS accesses the CD/DVD drive, for example, before any other boot device. Each BIOS vendor’s screen is different, but you can refer to the vendor’s documentation or Web site for instructions on changing the boot sequence.