Hiren's Boot

| Category | Example Tool | Underlying Tech |
|----------|--------------|----------------|
| Partition | Partition Wizard, GParted | Direct disk R/W via kernel driver (partmgr.sys) |
| Password | NTPWEdit, Lazesoft | SAM hive manipulation (offline registry write) |
| Forensics | FTK Imager, Autopsy | Volume shadow copy access, sector-level hashing |
| Network | TightVNC, TeamViewer (portable) | WinPE net drivers + TCP tunneling |
| Hardware | MemTest86, HDD Sentinel | Direct I/O ports, SMART via ATA commands |
| Backup | Clonezilla, Macrium Reflect | dd-style imaging + compression (gzip, zstd) |

UEFI/BIOS → GRUB2 → bootmgfw.efi → winload.efi → RAM disk (boot.wim) → Startnet.cmd → Pecmd.ini → Desktop (explorer.exe + WinXShell)