White Papers

Image Capture
Administrators can capture images of corrupted or tampered BIOS for analysis and remediation. When run, Trusted Device
queries the EFI (Extensible Firmware Interface) partition for a corrupt or tampered image. If an image is detected, it is copied
from the EFI partition to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture. If off-host verification fails, Trusted Device
copies corrupt or tampered images from memory to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture. Image Capture
data is retained for 200 days.
Administrators can invoke image capture, configure captured image storage locations, and export most recent or all images.
Each captured image is signed and named based on the following:
If copied from the EFI partition - BIOSImageCaptureMMDDYYYY_HHMMSS.rcv
If copied from memory - BIOSImageCaptureBVSMMDDYYYY_HHMMSS.bv
MMDDYYYY is the date and HHMMSS is the time of image copy. For Command-Line parameters, see Run the BIOS Verification
Agent.
For more information about Image Capture and the Windows Registry, see Results, Troubleshooting, and Remediation .
8
Image Capture 21