Advances in Digital Forensics II

Volume 222 of the series IFIP Advances in Information and Communication pp 301-314

Forensic Analysis of BIOS Chips

  • Pavel Gershteyn (University of Tulsa)
  • Mark Davis (University of Tulsa)
  • Sujeet Shenoi (University of Tulsa)

Abstract

Data can be hidden in BIOS chips without hindering computer performance. This feature has been exploited by virus writers and computer game enthusiasts. Unused BIOS storage can also be used by criminals, terrorists and intelligence agents to conceal secrets. However, BIOS chips are largely ignored in digital forensic investigations. Few techniques exist for imaging BIOS chips and no tools are available specifically for analyzing BIOS data.

This paper focuses on the Award BIOS chip, which is commonly used in IBM-compatible machines. It demonstrates how data may be concealed within BIOS free space and modules in a manner that makes it accessible using operating system commands. Furthermore, forensically sound techniques are described for detecting and recovering concealed data from BIOS chips.

Keywords

BIOS chips, Award BIOS, data concealment, evidence recovery