USB multi card reader - HELP

Which software blockers have you been looking at ?

Hi all

I have researched that USB software write blockers are not reliable, but we have a back log of different memory cards to image.

We do have a Tableau Forensic USB Bridge write blocker, but it does not seem to be compatible with our current Integral multi card reader.

Please can you advise which multi card reader would be best purchased that would be compatible with our Tableau USB write blockers.

Thankyou
)

Newstar,

We use the Addonics forensic card reader you can find the details and spec sheet here http//www.dataduplication.co.uk/details/smart-card-reader.html

Alan

I found the following which does work, but is it reliable? -

Windows XP Service Pack 2 (SP2) introduces a new registry subkey that lets you mark USB-based storage devices such as memory sticks as read-only devices. This is a useful security capability that can prevent users from copying data from their systems and taking that data offsite via a USB device. To enable the USB write protection, perform the following steps
1. Start the registry editor (regedit.exe).
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies subkey. (Create the StorageDevicePolicies subkey if it doesn't already exist.)
3. From the Edit menu, select New, DWORD Value.
4. Type the name WriteProtect and press Enter.
5. Double-click the new value and set it to 1. Click OK.
6. Close the registry editor.
7. Restart the computer.
To disable this change, you can either set WriteProtect to 0 or delete it.

Generally, people don't like to trust the registry hack you've described. As to whether you consider it reliable you're going to have to test it, as it will be you not them in the witness box! Check MD5s before and after applying the hack, and try and alter a file on the USB device with the hack applied. Try this a number of times with different circumstances and devices and if the MD5 never changes then you can be reasonably sure that you can trust it!

Alternatively you can use an Apple Mac with disk arbitration turned off and create a dd image on a separate drive mounted as read/write. I much prefer the hardware option where possible though.

Steve

Hi all
We use the Addonics forensic card reader you can find the details and spec sheet here http//www.dataduplication.co.uk/details/smart-card-reader.htm

Alan,

i use this reader…. it work so bad. I don't know if i bought a bug reader but sometimes it fall to read (usually with SMARTMEDIA).

Now i contact the Addonics to change it.

Anyway.. no more things from Addonics….

We use the addonics units from Dataduplication and have no problems.

On the subject of software writeblockers - there is always a place for them. For instance we found that certain USB thumb drives will not not allow you to unlock the protected area if attached via a tableau as the unlocking software doesn't recogise the device. We use WriteblockerXP by ACESLE which is unfortunately Law Enforcement only and only available after registration.

This might not be forensically sound, and might not even work to read a USB, but has anyone tried a RS232-to-USB with the RS232's TX line cut?