Difference between pages "Write Blockers" and "Books"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(General books about forensics)
 
Line 1: Line 1:
'''Write blockers''' are devices that allow acquisition of information on a [[hard drive|drive]] without creating the possibility of accidentally damaging the drive contents. They do this by allowing read commands to pass but by blocking write commands, hence their name.
+
=General books about forensics=
  
There are two ways to build a write-blocker: the blocker can allow all commands to pass from the computer to the drive except for those that are on a particular list. Alternatively, the blocker can specifically block the write commands and let everything else through.
+
* [http://www.amazon.com/gp/product/0849381274/ Principles and Practice of Criminalistics: The Profession of Forensic Science], by Keith Inman and Norah Rudin. (Highly recommended).
  
Write blockers may also include drive protection which will limit the speed of a drive attached to the blocker. Drives that run at higher speed work harder(the head moves back and forth more often due to read errors). This added protection could allow drives that can not be read at high speed (UDMA modes) to be read at the slower modes (PIO).  
+
* [http://www.amazon.com/gp/product/0130910589/104-5015943-9029527 Forensic Science Handbook, Volume 1 (2nd Edition)], by Richard E. Saferstein ISBN: 0130910589 Publisher: Prentice Hall; 2 edition 6/5/2001
  
There are two types of write blockers, Native and Tailgate. A Native device uses the same interface on for both in and out, for example a IDE to IDE write block. A Tailgate device uses one interface for one side and a different one for the other, for example a Firewire to SATA write block.  
+
* [http://www.amazon.com/gp/product/013112434X/104-5015943-9029527 Forensic Science Handbook, Vol. II (2nd Edition)], by Richard E. Saferstein ISBN: 013112434X Publisher: Prentice Hall; 2 edition, 10/8/2004
  
Steve Bress and Mark Menz invented hard drive write blocking (US Patent 6,813,682).  
+
* [http://www.amazon.com/gp/product/0133253902/104-5015943-9029527 Forensic Science Handbook, Volume III], by Richard E. Saferstein ISBN: 0133253902 Publisher: Prentice Hall; 1 edition, 4/22/1993
  
There are both hardware and software write blockers. Some software write blockers are designed for a specific operating system. One designed for Windows will not work on Linux. Most hardware write blockers are software independent.  
+
* [http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=2747&parent_id=411&pc= Forensic Science: An Introduction to Scientific and Investigative Techniques, Second Edition], by Stuart James and Jon J Nordby ISBN: 0849327474 Publisher: CRC Press 2/10/2005
  
= Commercial Hardware Write Blockers =
+
* [http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=0860&parent_id=411&pc= Ethics in Forensic Science: Professional Standards for the Practice of Criminalistics], Peter D Barnett ISBN: 0849308607 Publisher: CRC Press, 6/27/2001
  
'''Hardware write blockers''' can be either [[IDE]]-to-IDE or [[Firewire]]/[[USB]]-to-IDE. Simson prefers the IDE-to-IDE because they deal better with errors on the drive and make it easier to access special information that is only accessible over the IDE interface. You may feel differently.
+
=Books about computer forensics=
  
; [[ICS Drive Lock]]
+
* [http://www.awprofessional.com/title/0321268172 File System Forensic Analysis], by Brian Carrier, Addision-Wesley, 2005. (Highly recommended).
: http://www.forensicpc.com/proddetail.asp?prod=DRIVELOCK&cat=13
+
* [http://www.amazon.com/gp/product/020163497X Forensic Discovery], by Dan Farmer and Wietse Venema, Addison-Wesley, 2004.
 +
** A [http://www.porcupine.org/forensics/forensic-discovery/ HTML version] of the book is freely available online.
 +
* [http://www.amazon.com/gp/product/0121631044 Digital Evidence and Computer Crime], by Eoghan Casey, Academic Press, 2004.
 +
* [http://books.mcgraw-hill.com/getbook.php?isbn=007222696X Incident Response & Computer Forensics, Second Edition], by Kevin Mandia, Chris Prosise & Matt Pepe, 2003.
 +
* [http://www.awprofessional.com/bookstore/product.asp?isbn=0321200985&rl=1 Windows Forensics and Incident Recovery], by Harlan Carvey ISBN: 0321200985 Publisher:  Addison Wesley Professional, 7/21/2004
 +
* [http://www.ncjrs.gov/pdffiles1/nij/199408.pdf Forensic Examination of Digital Evidence: A Guide for Law Enforcement] NCJ 199408, April 2004, Special Report, National Institute of Justice
 +
* [http://www.ncjrs.gov/pdffiles1/nij/187736.pdf Electronic Crime Scene Investigation: A Guide for First Responders] NCJ 187736, July 2001, NIJ Guide, National Institute of Justice
 +
* [http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=2218&parent_id=411&pc= Investigating Computer-Related Crime], by Peter Stephenson ISBN: 0849322189 Publisher: CRC Press, 9/28/1999
 +
* [http://www.crcpress.com/shopping_cart/products/product_detail.asp?id=&parent_id=411&sku=AU2433&pc= Investigator's Guide to Steganography], by Gregory Kipper ISBN: 0849324335 Publisher: Auerbach Publications, 10/27/2003
 +
* [http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=AU0955&parent_id=411&pc= Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes], Albert J Marcella, Jr. and Robert S Greenfield ISBN: 0849309557 Publisher: Auerbach Publications, 1/23/2002
 +
* [http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=8158&parent_id=411&pc= Investigating Computer Crime], by Franklin Clark and Ken Diliberto ISBN: 0849381584 Publisher: CRC Press, 7/11/1996
  
; MyKey Technology, Inc. NoWrite FPU and FlashBlock II
+
=Books in other languages=
: 1.8"/2.5"/3.5"/ IDE to IDE, FireWire/USB to IDE & SATA, all media types - NIST Ver. 2 accepted 
+
: http://www.mykeytech.com/
+
  
; [[Tableau]] write blockers for IDE, SATA, SCSI, USB  NIST Ver. 1 accepted
+
* German: [http://www.dpunkt.de/buecher/3-89864-379-4.html Computer-Forensik], 2nd edition, by Alexander Geschonneck, dpunkt, 2006.
: http://www.tableau.com/index.php?pageid=products
+
** [http://www.computer-forensik.org/ Errata] and blog of the author.
 
+
; WiebeTech write-blockers for almost any disk drive: 2.5"/3.5" IDE, SCSI, SATA, ...
+
: http://wiebetech.com/home.php?home=5  NIST Ver. 1 accepted
+
 
+
= Commercial Software Write Blockers =
+
 
+
'''Software write blockers''' can be either tailored to an individual operating system or can be an independent boot disk. Their main upsides are with ease of use, since they are on a CD and do not require you to open up the case, and speed since they do not become a bottle neck.
+
 
+
; SAFE boot disk
+
: SAFE is a boot disk that boots a computer to a forensically sound (write blocked) version of Windows that serves as a platform for all popular Windows forensics tools. NIST Ver. 1 accepted
+
: http://www.forensicsoft.com/
+
 
+
; SAFE Block 1.2
+
: SAFE Block XP is a software-based write blocker designed for the Windows XP Operating System. It comes in both 32 and 64 bit options. NIST Ver. 1.2 accepted
+
: http://www.forensicsoft.com/
+

Revision as of 14:52, 5 April 2006

General books about forensics

Books about computer forensics

Books in other languages