Hello fine people of the Kali community. I have been using a bootable UEFI USB version of KALI on laptops to leverage dc3dd to make forensic images of internal laptop drives since the company moved from McAfee (Safeboot) FDE to Bitlocker that's tied to the TPM chip. This has been working well for several years until I encountered the latest Dell that is starting to be deployed to users today. Normally, I have to go into bios settings and turn off secure boot (if enabled) and then escape to the boot menu to select my USB Kali drive. Today, the Dell Latitude 5240 bios was set to disable secure boot and I can get to the Kali grub boot selection menu were I normally choose Forensics Mode and see the startup initiate before getting the desktop loaded. On the Dell 5240, the boot to the grub menu via USB is working, but once selecting forensics mode, I get a black rectangle which covers most of the screen that just sits there and never boots. Via the indicator LEDs, I see the USB drive and the external USB adapter that has my blank target disk connected get polled by the OS, but that's about it. Any suggestions on other UEFI bios settings to check or anything else I might consider? Luckily this is not a case where I need to follow full forensic procedures as it is more data recovery versus a forensic examination. So, booting the system from the native OS and imaging live is an option.
Thanks.
Tim
