# Forensic Boot Tools

DOS boot disk (obsolete, but some times required).

* There are three files required to boot a computer into MS-DOS:
  * `O.SYS,MSDOS.SYS` and `COMMAND.COM`
* If present are also used in the boot process:
  * `DRVSPACE.BIN` or `DBLSPACE.BIN`, `CONFIG.SYS` and `AUTOEXEC.BAT`

How to create a **forensic** bootable diskette:

* on the command line of Windows 98: `format a: /U /S`
  * `/U` unconditional format.
  * `/S` copy the necessary system files over to the diskette, in order to make it a boot disk.
* then remove every file from the diskette except the mandatory three.
* remove special attributes from the files to be deleted: `attrib -H -R -S filename`
  * later, if possible to customize the forensic boot disk by adding `CONFIG.SYS` and `AUTOEXEC.BAT` files write-blocking utilities and other forensic tools.

## Bootable Diskette

If you don't have a Windows 98 running:

* HP makes an easy to use utility called HP USB Disk Format Tool, which includes a "Create a DOS Startup Disk" option.
  * It's available for free download [here](http://www.19systems.net/HP-USB-Tool-v2.1.8.exe) along with the Windows 98/DOS boot [files](http://www.19systems.net/Win98-Boot-Files.zip).
* Once the bootable diskette is created follow the same procedure to make it "forensic":
  * remove every file from the diskette except the mandatory three `O.SYS.MDDOS.SYS` and `COMMAND.COM` later, it is possible to customiza the forensic boot disk by adding `CONFIG:SYS` and `AUTOEXEC.BAT` files write-blocking utilities and other forensic tools.