NCJRS Abstract



The document referenced below is part of the NCJRS Library collection.
To conduct further searches of the collection, visit the NCJRS Abstracts Database.

NCJ Number: NCJ 220221
Title: ACES Software Write Block Tool Test Report: Writeblocker Windows 2000 V5.02.00
  Document URL: PDF 
Corporate Author: Office of Law Enforcement Standards (OLES)
United States of America
Date Published: 01/2008
Page Count: 151
  Annotation: This report presents the methodology and results of the testing of Writeblocker Windows 2000, Version 5.02.00 in accordance with the ACES Software Write Block Tool Specification & Test Plan Version 1.0, which may be found on the Computer Forensics Tool Testing (CFTT) Web site.
Abstract: The first specification of the ACES Software Write Block Tool Specification & Test Plan Version 1.0 requires that the tested tool shall not allow a protected drive to be changed; however, the tested tool failed to block some test commands from the protected categories that were sent to protected drives. The second performance specification for the tool is that it shall not prevent obtaining any information from or about any drive. The tested tool complied with this requirement, in that it did not alter or block test commands from any unprotected category that were sent to protected or unprotected drives. The third performance specification is that the tool shall not prevent any operation to a drive that is not protected. The tested tool met this requirement, in that it did not alter or block any test commands sent to unprotected drives. The tested tool, Writeblocker Windows 2000 V5.02.00, consists of two kernel mode device drivers, NTWBFS and NTWBPM, and a user mode GUI control application. The NTWBFS driver is a file system filter driver that filters file system calls, and the NTWBPM driver is a physical device filter that filters hardware I/O requests. In addition to presenting overall test results, results are summarized for each test case. The description of the testing environment encompasses the test computer, hard disk drives, test software, and run protocol selection. Appended are sample logfile listings and filter driver load orders.
Main Term(s): Computer aided investigations
Index Term(s): Evidence collection ; Technology transfer ; Computer software ; Forensics/Forensic Sciences ; Investigative techniques ; NIJ grant-related documents
Sponsoring Agency: National Institute of Justice (NIJ)
US Department of Justice
Office of Justice Programs
United States of America
Grant Number: 2003-IJ-R-029
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
Type: Test/Measurement ; Guideline
Country: United States of America
Language: English
Note: NIJ Special Report