Forensic Boot Tools

DOS boot disk (obsolete, but some times required).

• There are three files required to boot a computer into MS-DOS:

  • O.SYS,MSDOS.SYS and COMMAND.COM

• If present are also used in the boot process:

  • DRVSPACE.BIN or DBLSPACE.BIN, CONFIG.SYS and AUTOEXEC.BAT

How to create a forensic bootable diskette:

• on the command line of Windows 98: format a: /U /S

  • /U unconditional format.

  • /S copy the necessary system files over to the diskette, in order to make it a boot disk.

• then remove every file from the diskette except the mandatory three.

• remove special attributes from the files to be deleted: attrib -H -R -S filename

  • later, if possible to customize the forensic boot disk by adding CONFIG.SYS and AUTOEXEC.BAT files write-blocking utilities and other forensic tools.

Bootable Diskette

If you don't have a Windows 98 running:

• HP makes an easy to use utility called HP USB Disk Format Tool, which includes a "Create a DOS Startup Disk" option.

  • It's available for free download here along with the Windows 98/DOS boot files.

• Once the bootable diskette is created follow the same procedure to make it "forensic":

  • remove every file from the diskette except the mandatory three O.SYS.MDDOS.SYS and COMMAND.COM later, it is possible to customiza the forensic boot disk by adding CONFIG:SYS and AUTOEXEC.BAT files write-blocking utilities and other forensic tools.