±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 35886
New Yesterday: 2 Visitors: 181

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Software Blocker

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4  Next 
  

douglasbrush
Senior Member
 

Re: Software Blocker

Post Posted: Jul 14, 10 09:11

Following the train of thought on the thread...are you looking to do SW WB on a Windows system that is up and running or via bootdisk?

How are you set-up? Booting the suspect system and using the hardware bus on that? Or are you removing the suspect drive and imaging in a separate system?

Also F-Response is a great software write blocker for multiple environments over a network connection. It can be used over existing hardware and connections or via a cross over cable.

Also you could use EnCase in a LinEn boot environment on the suspect machine with a cross over cable to your examination machine. You can image in EnCase without a dongle in acquisition mode.

There are many ways to skin a cat but probably even more ways to image a hard drive.  
 
  

4Rensics
Senior Member
 

Re: Software Blocker

Post Posted: Jul 14, 10 12:32

Just a little note on this subject as I had some trouble getting one for my 64bit Windows 7 Manchine. The only one I could find was DSi USB Write Blocker, however its does more of a blanket block and blocked everything, even mem card readers, so unlike some you can't point to specific ports. Dunno if this is a good or bad thing :\

Don't know if there are any others out there for x64 machines, but took us ages to find this one and this was the only one that really worked for out needs.

Just thought I'd says for future forum readers, if your looking for 64bit machine blockers.  
 
  

Jonathan
Senior Member
 

Re: Software Blocker

Post Posted: Jul 14, 10 12:51

- 4Rensics
....my 64bit Windows 7 Manchine.


Very macho set-up you've got there!

- 4Rensics
The only one I could find was DSi USB Write Blocker, however its does more of a blanket block and blocked everything, even mem card readers, so unlike some you can't point to specific ports. Dunno if this is a good or bad thing :\



It's a good thing, working as advertised. I've used it on my laptop to image from a USB attached suspect disk to an attached e-SATA target disk, worked fine.

Having said this, I would always choose a hardware write blocker over a software write blocker; less chance of human error if anything.
_________________
Forensic Control
twitter.com/ForensicControl
St Bride Foundation, 14 Bride Lane, London, EC4Y 8EQ 
 
  

douglasbrush
Senior Member
 

Re: Software Blocker

Post Posted: Jul 14, 10 18:58

If you use MS Steady State there are options to WB the USB port but keep it readable. Steady State is basically a GUI for the group policy and reg edits for admins. As it is a GUI you can have a little mental comfort in seeing the check box. Do validate, validate, validate first. I have never personally used it in a forensic environment just as an admin tool.  
 
  

chstonewall
Newbie
 

Re: Software Blocker

Post Posted: Jun 27, 11 09:24

- 4Rensics
The only one I could find was DSi USB Write Blocker, however its does more of a blanket block and blocked everything, even mem card readers, so unlike some you can't point to specific ports. Dunno if this is a good or bad thing :\



It's a good thing, working as advertised. I've used it on my laptop to image from a USB attached suspect disk to an attached e-SATA target disk, worked fine.

So it did not block the attached e-SATA target disk?  
 
  

Georgefan
Member
 

Re: Software Blocker

Post Posted: Jun 27, 11 12:28

Windows has its own write block,if you are using Windows XP,here it is:
Open the registry and find this:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\

under this key there should be a key called "StorageDevicePolicies"
In the right pane there is a REG_DWORD called "WriteProtect" ,double click it and change the value to 1 then all your computer's USB ports should be write protected.  
 
  

vkskain
Newbie
 

Re: Software Blocker

Post Posted: Jul 10, 18 10:28

- Jonathan
There's a link to a free USB software write blocker and other free tools on this page which I put together. As with anything, use at your own risk.

www.forensiccontrol.co...ources.php


Hello, Link Not Found. Please Check. Thanks  
 

Page 2 of 4
Page Previous  1, 2, 3, 4  Next