I wouldnt reccomend anyone using the XP SP2 USB write block reg-key to image anything which will end up in court. MS themselves state that this reg-key is a 'hack' and is in no way designed to be forensically sound. Of course you could always test it yourself, but then you would have to retest it each and every time that some software is changed on your computer - how do you know what effects these other changes may have on this 'hack'?
We used to use this reg-key in our office, but have now changed to using hardware write blockers for USB, as these are actually desinged to be forensically sound in the first place.
We … have now changed to using hardware write blockers for USB, as these are actually desinged to be forensically sound in the first place.
Can you tell us which ones you are using?
bj
I wouldnt reccomend anyone using the XP SP2 USB write block reg-key to image anything which will end up in court. MS themselves state that this reg-key is a 'hack' and is in no way designed to be forensically sound. Of course you could always test it yourself…
Of course, all tools, even purchased hardware write blockers should be tested before they are used. As for this hack, while it may not be perfect, it is better than nothing at all, and can at least prevent accident modification. We include it on our machines as a "fail-safe" option.
But yes, I would prefer hardware devices over software controls.
bj
I wouldnt reccomend anyone using the XP SP2 USB write block reg-key to image anything which will end up in court. MS themselves state that this reg-key is a 'hack' and is in no way designed to be forensically sound. Of course you could always test it yourself…
Of course, all tools, even purchased hardware write blockers should be tested before they are used. As for this hack, while it may not be perfect, it is better than nothing at all, and can at least prevent accident modification. We include it on our machines as a "fail-safe" option.
But yes, I would prefer hardware devices over software controls.
bj
I agree with the above.
Tools that adjust the registry are great
but these tools are meant for generic uses. If you need something to use for a case that may be called into question I suggest going with a hardware device.
gt
I created one too a while back, the registry key works on vista as well I believe its SP2 and newer as mentioned above, It also works in Bart PE if done properly.