Why you need to use a write blocker (either hardware or software) in your examin

Question

Why you need to use a write blocker (either hardware or software) in your examinations, whether for a criminal case or a corporate case?

Also, imagine you are a computer forensic examiner receiving a suspect hard disk drive from a detective in your department. The drive was seized properly during a legally executed search warrant. The detective signs the chain of custody log and hands you the drive. Your job is to accept the drive, conduct an analysis, and maintain the drive until trial. Please explain the steps you would take, from receipt until testimony, including the reasons why you would take each step. For example, what would you check for when you sign for the drive on the chain of custody?

Explanation / Answer

A hardware write blocker is hardware it is alike one way valve, it only allows to pass information to flow from hard drive to computer. Write blockers do not allow any data to actually be modified.

steps followed in forensing hard drive:
-------------------------------------------------------------

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.