Add your conference to our Justice Events calendar

PUBLICATIONS

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

1 record(s) found

NCJ Number:	220221

Title:	ACES Software Write Block Tool Test Report: Writeblocker Windows 2000 V5.02.00

Document:	PDF

Date Published:	January 2008

Annotation:	This report presents the methodology and results of the testing of Writeblocker Windows 2000, Version 5.02.00 in accordance with the ACES Software Write Block Tool Specification & Test Plan Version 1.0, which may be found on the Computer Forensics Tool Testing (CFTT) Web site.

Abstract:	The first specification of the ACES Software Write Block Tool Specification & Test Plan Version 1.0 requires that the tested tool shall not allow a protected drive to be changed; however, the tested tool failed to block some test commands from the protected categories that were sent to protected drives. The second performance specification for the tool is that it shall not prevent obtaining any information from or about any drive. The tested tool complied with this requirement, in that it did not alter or block test commands from any unprotected category that were sent to protected or unprotected drives. The third performance specification is that the tool shall not prevent any operation to a drive that is not protected. The tested tool met this requirement, in that it did not alter or block any test commands sent to unprotected drives. The tested tool, Writeblocker Windows 2000 V5.02.00, consists of two kernel mode device drivers, NTSBFS and NTWBPM, and a user mode GUI control application. The NTWBFS driver is a file system filter driver that filters file system calls, and the NTWBPM driver is a physical device filter that filters hardware I/O requests. In addition to presenting overall test results, results are summarized for each test case. The description of the testing environment encompasses the test computer, hard disk drives, test software, and run protocol selection. Appended sample logfile listings and filter driver lead orders

Main Term(s):	Computer aided investigations

Index Term(s):	Computer software; Evidence collection; Forensic sciences; Investigative techniques; NIJ grant-related documents; Technology transfer

Grant Number:	2003-IJ-R-029

Sponsoring Agency:	National Institute of Justice (NIJ) Washington, DC 20531 National Institute of Justice/NCJRS Rockville, MD 20849 NCJRS Photocopy Services Rockville, MD 20849-6000 Office of Law Enforcement Standards (OLES) Gaithersburg, MD 20899-8102

Corporate Author:	Office of Law Enforcement Standards (OLES) United States of America

Sale Source:	National Institute of Justice/NCJRS Box 6000 Rockville, MD 20849 United States of America NCJRS Photocopy Services Box 6000 Rockville, MD 20849-6000 United States of America

Page Count:	151

Format:	Document

Type:	Guideline; Test/Measurement

Language:	English

Country:	United States of America

Note:	NIJ Special Report



	To cite this abstract, use the following link: http://www.ncjrs.gov/App/publications/abstract.aspx?ID=242021

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.

PUBLICATIONS

NCJRS Abstract

Find in a Library