So, you are interested in becoming a digital forensic analyst? That is great! It is an exciting and growing field, one filled with many possibilities for the enthusiastic learner. The purpose of this article is to introduce those interested in the forensics field with one of the most important tools in their toolbox, the hardware write blocker.
Any computer forensics course or book will stress that one of the most important parts of the job is preserving the state of the evidence to be examined. This begins at the seizure of said evidence and it carries all the way through to either the trial or when the evidence is finally destroyed or released. This is where the write blocker makes its entrance into the forensic framework.
It was originally designed to test the Windows XP SP2 USB software write blocker, but has been adapted to test any hardware and/or software write blockers. Step #1 – Prepare the media a) Attach the storage media you will be testing with to your forensic workstation in write-enabled mode. B) Wipe the media - validate that this has been successful. Hardware cannot function until software is loaded and software is installed in hardware to set the programs in action. Firewalls are available for both hardware and software. The most popular firewall choice is a software firewall; these are installed on the computer (like any software) and can be customized to suit individual users. Dec 21, 2016 In order to perform this vital part of your job one of the tools available to you is the write blocker. These are pieces of hardware, versus software write blockers, that provide a level of protection which will allow you to access the evidence, without changing it. SAFE Block allows for data acquisition at speeds up to 10 times faster than that of hardware write-blockers (the software write-blocker does not require device interface bridging from one interface technology to another, which is often a significant data I/O bottleneck). May 27, 2010 The software write blocker is directly installed on your image acquisition workstation and additional hardware is not necessary (lightens the load, one less thing to fail, etc). SAFE Block is a software-based write-blocker that facilitates the quick and safe acquisition and/or analysis of any disk or flash storage media attached directly to your Windows workstation. It is proven to be safe, significantly faster than hardware write-blocking solutions, and used across the globe by agencies, law enforcement, and private.
Once a piece of digital evidence has been identified and seized it must be examined. Now, since you are not supposed to change the original evidence, or at least keep any changes to a minimal that can be explained, there must be a way to create a forensic copy of that evidence. This copy goes by many different names and this article isn’t intended to provide a full explanation of them. Some call them bit-by-bit copies, others call them bit stream copies, it makes no difference. What you are doing is creating an exact replica or copy of the original piece of evidence.
In order to perform this vital part of your job one of the tools available to you is the write blocker. These are pieces of hardware, versus software write blockers, that provide a level of protection which will allow you to access the evidence, without changing it. There are methods of write blocking via software that will be explored in a later blog. Kof mugen game download with all characters.
It is important to note that proper testing procedures should be followed, as these are hardware pieces and they can fail! Many an analyst has been surprised when they learned that their write blocker had failed and their evidence had become contaminated. So, take the time to test your write blockers before plunging into creating a copy of your evidence.
There are many different write blockers on the market, most of which are rather expensive. If you are just entering into the field, then it is an investment you should consider making. Many companies provide their analysts with write blockers but if you are desiring to learn on your own or work on your own as a consultant then you should strongly consider purchasing one. I would note here that working as a digital forensic consultant is a good line of work, but it does require investment on your part, not only in write blockers, but also in good forensic machines and proper training.
Fig. 1. Tableau Forensic Duplicator
Software And Hardware Write Blockers
Above is a photograph of what is known as a forensic duplicator. This is similar to a write blocker but operates more as a straight duplicator of a hard drive. You can utilize these as a write blocker, but always remember that is not their main focus. It is very handy for taking an evidentiary hard drive and transferring it to a similar hard drive for examination. You can see them at the below listed web page.
A very popular write blocker is the UltraBlock USB kit format sold by Digital Intelligence. I used these write blockers during my law enforcement career and found them easy to use and reliable. They run around $300.00 and are a worthy investment if you are performing forensic imaging.
$299.00
The Ultra Kit combines a variety of different write blockers into one handy Pelican case. They are purchased all at one time, are combined into one portable kit and are very reliable. These do cost more than a single write blocker, but if you purchase a kit you will get a variety of write blockers that fit many different hard drive formats. I would recommend investing in one of these if you are going to seriously enter the realm of digital forensics and want to be prepared for almost any situation that you might face.
Sep 14, 2004 In The Sims 2, you can control your Sims over an entire lifetime for the first time. With the addition of genetics, the game lets your Sims pass their DNA down through generations. Sims 2 pc game cheats. The Sims 2 An incredible sequel to the best-selling PC game of all-time! You'll get to direct an entire Sims' lifetime, and try to get them to reach their life goals. An incredible sequel to the best-selling PC game. Aug 20, 2017 The Sims 2 (Size: 2.71 GB) is a Life simulation video game. Developed by Maxis, Amaze Entertainment and published by EA Games. It was released on Microsoft Windows in September 14, 2004. Before downloading make sure that your PC meets minimum system requirements.
$1,799 – $4,399
Fig. 3 Wiebetech UltraDock
Software Vs Hardware Write Blockers Online
Another popular write blocker is the WieBeTech UltraDock. This is a handy sized forensic write blocker that can easily fit into a “go bag” and be taken places with you. I utilize this particular write blocker routinely and have found it to be very reliable.
$300.00
There are many, many more hardware write blockers on the market. I would encourage you to research the market, find one or several that will suit your needs and take the plunge. Granted, it is an investment, but it will definitely help you learn the tools of the trade!
Hello everyone,
I'm new here so I started read the oldest post and the oldest articles from this forum/site to the newest and I still do but..
I have a question about USB write blokers.
Some people say that they used software blockers and it's ok, some other says that they only use hardware write blockers, so is it equal at the end ? I mean is they protect source dev against accidental write with the same efficiency ?
The hardware blokers do the good job but how about software write blockers ? The drive should be in read-only mode and ignore / fail out write requests but as I readed on this forum some users says that it's not true in 100% because OS Windows still write sth data on the attached device and I am a little confused about that ?
Next thing is that some device for e.x. SD cards has a small hardware switch to enable write block, so if yes is this way to write block is comparable with 'normal' hardware blokers like tableau TH8 ?
BTW: I couldn't just test/try it because at now I don't have a hardware usb write bloker.
BTW2: I hope that is the most appropriate forum for my question
I'm new here so I started read the oldest post and the oldest articles from this forum/site to the newest and I still do but..
I have a question about USB write blokers.
Some people say that they used software blockers and it's ok, some other says that they only use hardware write blockers, so is it equal at the end ? I mean is they protect source dev against accidental write with the same efficiency ?
The hardware blokers do the good job but how about software write blockers ? The drive should be in read-only mode and ignore / fail out write requests but as I readed on this forum some users says that it's not true in 100% because OS Windows still write sth data on the attached device and I am a little confused about that ?
Next thing is that some device for e.x. SD cards has a small hardware switch to enable write block, so if yes is this way to write block is comparable with 'normal' hardware blokers like tableau TH8 ?
BTW: I couldn't just test/try it because at now I don't have a hardware usb write bloker.
BTW2: I hope that is the most appropriate forum for my question