I have been tasked by my agency to see if it is viable to return large capacity forensic images on Hard Drives. It would be best to return the hard drive as read-only (no encryption/no compression), and the read-only carry over to other systems.
Is there a way to disable a hard drive's write abilities without restricting access or encrypting those files?
I have looked into DISKPART attributes and Drive permission properties but its single system based, and will not carry over to another system.
Is there a way to disable a hard drive's write abilities without restricting access or encrypting those files?
No.
Consider that if such a capability existed (and was easy to implement/safe, etc.) all hardware writeblockers manufacturers/Authors would instantly file for Chapter 11) wink
You can set (on some windows versions) the volume(s) as "read only" through Diskpart attributes
http//
but of course it can be switched back to R/W easily
jaclaz
I have tested DISKPART but it seems single system based and does not carry over to other systems.
Unless I am not setting the attributes correctly
DISKPART
selected the desired disk
"attributes disk set readonly"
Is there a way to disable a hard drive's write abilities without restricting access or encrypting those files?
Not in the way you want. Some HDD controllers and RAID cards can be (or could be) configured to prevent writes from taking place, but that's about all.
There are some new HDD technologies in the offing Seagate Kinetic looks like you could plug a drive into an Ethernet, and with the right driver (something like SCSIoverEthernet?) talk to it. HGST are doing something similar. My impression is that these disk do their own authentication and authorization, but I haven't read the protocol specification. And it would take some experimentation to come to grips with it.
These drives are intended to be used in data centers, so they are rather special, though.
I figured it out. Its not a total write-block of the drive but better than nothing.
Using DISKPART, I selected the desired volume then did "attributes volume set readonly"
The Volume Table that is on the drive is set to read-only and is set to read only on all systems.
Where my previous attempt with Disk option is specific only to that system.
Using DISKPART, I selected the desired volume then did "attributes volume set readonly"
The Volume Table that is on the drive is set to read-only and is set to read only on all systems.
Well, that is exactly the command in the given link
http//
that's the reason I provided it.
But "all systems" may be a bit optimistic, what about older Windows versions, MacOSx, Linux, FreeBSD, DOS with NTFS R/W driver?
jaclaz
There are devices you can connect to, these are so called Write-Block
Have you look at those device?