White Papers
Image Capture
Administrators can capture images of corrupted or tampered BIOS for analysis and remediation. When run, Trusted Device
queries the EFI partition for a corrupt or tampered image. If an image is detected, it is copied from the EFI partition to
%PROGRAMDATA%\Dell\TrustedDevice\ImageCapture. If off-host verification fails, Trusted Device copies corrupt or
tampered images from memory to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture.
Administrators can invoke image capture, configure captured image storage locations, and export most recent or all images.
Each captured image is signed and named based on the following:
● If copied from the EFI partition - BIOSImageCaptureMMDDYYYY_HHMMSS.rcv
● If copied from memory - BIOSImageCaptureBVSMMDDYYYY_HHMMSS.bv
MMDDYYYY is the date and HHMMSS is the time of image copy. For Command-Line parameters, see Run the Utility.
For more information about Image Capture and the Windows Registry, see Results, Troubleshooting, and Remediation .
7
Image Capture 19