Hardware and software write blockers do similar work. The difference is that software write-blocker are installed in workstations of the computer while hardware write-blocker are installed in controller chip in a portable device (Lyle, 2006). The hardware write-blocker offers interfaces that are built in and block any command operation modification. Some of its functions are filtering and monitoring ay activity received or transmitted between connections to the provided storage device and the computer.
A write blocker is essential as it provides read-only data without interfering with data integrity. It guarantees the protection of the data chain if appropriately used. “National Institute of Standards and Technology (NIST)” states on the use of the write blockers that procedures are followed by an investigator to block any program execution that could modify any disk contents. The strategies involve creating a hardware jumper and use of a hard disk to intercept any disk writes. The tool allows no changes to a safe drive and access to the drive's information.
Delegate your assignment to our experts and they will do the rest.
Explain the steps you would take, from receipt of the evidence until testimony, including the reasons why you would make each step. For example, what would you check for when you sign for the drive on the chain of custody document?
Identification of the hard drive: The reason is for report maintenance of the situation that is logged into an Evidence log. The identification happens after ensuring the safety of data and equipment (Rogers & Seigfried, 2004). Hence, no tampering occurs.
Verification process: It is essential to examine the scope and the breadth of the case and determining the nature and specifics of the situation. Nonetheless, files can be protected, deleted or hidden and not overwritten. All data should be made more copies in the system during the search process of evidence.
Recovery of data is another critical step to detect data that could have been hidden (Biggs & Vidalis, 2009). Useful applications are used. Access of protected files and decryption is also done.
Analysis of the disk helps in determining unallocated space that could have different parts of the provided files relevant to the ongoing case.
Documentation then helps in the provision of full proof that relevant information is preserved without any alterations. Nonetheless, a system’s report is provided on the physical layout and on encryption.
Testimony: As an expert, one should be prepared to be present and testify in court based on computer forensics findings.
References
Biggs, S., & Vidalis, S. (2009, November). Cloud computing: The impact on digital forensic investigations. In Internet Technology and Secured Transactions, 2009. ICITST 2009. International Conference for (pp. 1-6). IEEE.
Lyle, J. R. (2006). A strategy for testing hardware write block devices. digital investigation, 3, 3-9.
Rogers, M. K., & Seigfried, K. (2004). The future of computer forensics: a needs analysis survey. Computers & Security, 23(1), 12-16.
