Forensic Analysis of BIOS Chips

  • Pavel Gershteyn
  • Mark Davis
  • Sujeet Shenoi
Conference paper

DOI: 10.1007/0-387-36891-4_24

Volume 222 of the book series IFIP Advances in Information and Communication (IFIPAICT)
Cite this paper as:
Gershteyn P., Davis M., Shenoi S. (2006) Forensic Analysis of BIOS Chips. In: Olivier M.S., Shenoi S. (eds) Advances in Digital Forensics II. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA

Abstract

Data can be hidden in BIOS chips without hindering computer performance. This feature has been exploited by virus writers and computer game enthusiasts. Unused BIOS storage can also be used by criminals, terrorists and intelligence agents to conceal secrets. However, BIOS chips are largely ignored in digital forensic investigations. Few techniques exist for imaging BIOS chips and no tools are available specifically for analyzing BIOS data.

This paper focuses on the Award BIOS chip, which is commonly used in IBM compatible machines. It demonstrates how data may be concealed within BIOS free space and modules in a manner that makes it accessible using operating system commands. Furthermore, forensically sound techniques are described for detecting and recovering concealed data from BIOS chips.

Keywords

BIOS chips, Award BIOS, data concealment, evidence recovery

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Pavel Gershteyn (1)
  • Mark Davis (1)
  • Sujeet Shenoi (1)

  1. University of Tulsa, Tulsa, USA