skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 220221 Add to Shopping cart Find in a Library
Title: ACES Software Write Block Tool Test Report: Writeblocker Windows 2000 V5.02.00
Corporate Author: Office of Law Enforcement Standards (OLES)
United States of America
Date Published: January 2008
Page Count: 151
Sponsoring Agency: National Institute of Justice (NIJ)
Washington, DC 20531
National Institute of Justice/NCJRS
Rockville, MD 20849
NCJRS Photocopy Services
Rockville, MD 20849-6000
Office of Law Enforcement Standards (OLES)
Gaithersburg, MD 20899-8102
Grant Number: 2003-IJ-R-029
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
Document: PDF
Type: Guideline; Test/Measurement
Format: Document
Language: English
Country: United States of America
Annotation: This report presents the methodology and results of the testing of Writeblocker Windows 2000, Version 5.02.00 in accordance with the ACES Software Write Block Tool Specification & Test Plan Version 1.0, which may be found on the Computer Forensics Tool Testing (CFTT) Web site.
Abstract: The first specification of the ACES Software Write Block Tool Specification & Test Plan Version 1.0 requires that the tested tool shall not allow a protected drive to be changed; however, the tested tool failed to block some test commands from the protected categories that were sent to protected drives. The second performance specification for the tool is that it shall not prevent obtaining any information from or about any drive. The tested tool complied with this requirement, in that it did not alter or block test commands from any unprotected category that were sent to protected or unprotected drives. The third performance specification is that the tool shall not prevent any operation to a drive that is not protected. The tested tool met this requirement, in that it did not alter or block any test commands sent to unprotected drives. The tested tool, Writeblocker Windows 2000 V5.02.00, consists of two kernel mode device drivers, NTSBFS and NTWBPM, and a user mode GUI control application. The NTWBFS driver is a file system filter driver that filters file system calls, and the NTWBPM driver is a physical device filter that filters hardware I/O requests. In addition to presenting overall test results, results are summarized for each test case. The description of the testing environment encompasses the test computer, hard disk drives, test software, and run protocol selection. Appended sample logfile listings and filter driver lead orders
Main Term(s): Computer aided investigations
Index Term(s): Computer software; Evidence collection; Forensic sciences; Investigative techniques; NIJ grant-related documents; Technology transfer
Note: NIJ Special Report
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.