-1

I have an infected computer, which I am trying to diagnose. The attack is probably very sophisticated, and I am not yet sure whether this has happened in the BIOS, MBR, active partition or any other space. The attack is ongoing, but I need to figure it out while it's happening.

I am considering using a USB bootable OS to diagnose the device.

Haven't done this in a while, but what is the typical boot sequence if I try to load the OS from a USB device?

The reason I ask is because, if my BIOS/MBR/other partition is infected, even if I load from the USB, my computer and information could still be compromised.

Thanks

  • The scenario you describe combined with the question you ask seems to imply to me that you won't be able to fix this no matter how detailed an answer someone writes. Dispose of it or hire a professional. – Nobody Mar 27 '19 at 13:57

2 Answers

1

The BIOS/UEFI is essential to initialize and boot the system, which includes finding the bootable disk (built-in, external USB, CD-ROM...), loading the initial code from it and executing it. You usually can specify in the BIOS which disks or external devices it should probe for systems and you can disable the problematic disk with a potentially infected MBR or partition there. Then you could use one of the various Linux Live distributions to boot from USB.

If you don't even trust the BIOS of this specific system anymore, it is better to not use this computer to access the disk. Instead, remove the disk from the system and put it into a different and trusted system to access the data there. Note that this still leaves the possibility that the disk firmware is infected too, but this is even more unlikely than an infected BIOS.

Steffen Ullrich
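As an added example (not part of the answer above), here is a small Python script a defender could run from a trusted system or a live USB against the suspect disk: it parses the first sector (the MBR the BIOS would load), hashes the bootstrap code so it can be compared with the bootloader you know you installed, and flags inconsistencies. The device path and the known-good hash are placeholders; the sample sector is constructed inline.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bootstrap code occupies bytes 0..445
PART_ENTRY_LEN = 16          # four 16-byte partition entries follow at offset 446


def parse_mbr(sector):
    """Parse a classic 512-byte MBR into bootstrap hash, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype == 0:
            continue  # empty slot (type 0xEE would indicate a GPT protective MBR)
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "valid_signature": struct.unpack_from("<H", sector, 510)[0] == 0xAA55,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector, known_good_sha256=None):
    """Return a list of findings; an empty list means nothing looked off."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256:
        findings.append("bootstrap code differs from known-good hash")
    return findings


def build_sample_mbr():
    """Constructed sample (not read from a real disk): one bootable Linux partition at LBA 2048."""
    boot_code = b"\xfa\x31\xc0\x8e\xd8" + b"\x00" * (BOOT_CODE_LEN - 5)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x83, b"\xfe\xff\xff", 2048, 1_000_000)
    return boot_code + entry + b"\x00" * (PART_ENTRY_LEN * 3) + b"\x55\xaa"


if __name__ == "__main__":
    # On the trusted system: with open("/dev/sdX", "rb") as f: sector = f.read(512)   (placeholder path)
    sector = build_sample_mbr()
    print(parse_mbr(sector))
    print(check_mbr(sector, known_good_sha256="<sha256 of the bootloader you installed>"))
```

Compare the reported bootstrap hash against the hash of the same 446 bytes from a freshly installed bootloader of the same version; a mismatch is a lead to examine, not proof of infection by itself.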
0

You can make a live bootable USB of any operating system (like Ubuntu, Fedora, Kali, etc.) to copy your important data to other sources with the help of another USB port in your system. And as far as I know, I don't think the data will be compromised more using this method, because you are using this live OS instead of the OS in your storage.

Hemant