NCJ Number: 220221

Title: ACES Software Write Block Tool Test Report: Writeblocker Windows 2000 V5.02.00

Document: PDF

Date Published: January 2008

Annotation: This report presents the methodology and results of the testing of Writeblocker Windows 2000, Version 5.02.00 in accordance with the ACES Software Write Block Tool Specification & Test Plan Version 1.0, which may be found on the Computer Forensics Tool Testing (CFTT) Web site.

Abstract:
The first specification of the ACES Software Write Block Tool Specification & Test Plan Version 1.0 requires that the tested tool shall not allow a protected drive to be changed; however, the tested tool failed to block some test commands from the protected categories that were sent to protected drives. The second performance specification for the tool is that it shall not prevent obtaining any information from or about any drive. The tested tool complied with this requirement, in that it did not alter or block test commands from any unprotected category that were sent to protected or unprotected drives. The third performance specification is that the tool shall not prevent any operation to a drive that is not protected. The tested tool met this requirement, in that it did not alter or block any test commands sent to unprotected drives. The tested tool, Writeblocker Windows 2000 V5.02.00, consists of two kernel mode device drivers, NTWBFS and NTWBPM, and a user mode GUI control application. The NTWBFS driver is a file system filter driver that filters file system calls, and the NTWBPM driver is a physical device filter that filters hardware I/O requests. In addition to presenting overall test results, results are summarized for each test case. The description of the testing environment encompasses the test computer, hard disk drives, test software, and run protocol selection. Appended sample logfile listings and filter driver load orders

Main Term(s): Computer aided investigations

Index Term(s): Computer software; Evidence collection; Forensic sciences; Investigative techniques; NIJ grant-related documents; Technology transfer

Grant Number: 2003-IJ-R-029

Sponsoring Agency: National Institute of Justice (NIJ), Washington, DC 20531; National Institute of Justice/NCJRS, Rockville, MD 20849; NCJRS Photocopy Services, Rockville, MD 20849-6000; Office of Law Enforcement Standards (OLES), Gaithersburg, MD 20899-8102

Corporate Author: Office of Law Enforcement Standards (OLES), United States of America

Sale Source: National Institute of Justice/NCJRS, Box 6000, Rockville, MD 20849, United States of America; NCJRS Photocopy Services, Box 6000, Rockville, MD 20849-6000, United States of America

Page Count: 151

Format: Document

Type: Guideline; Test/Measurement

Language: English

Country: United States of America

Note: NIJ Special Report

To cite this abstract, use the following link: http://www.ncjrs.gov/App/publications/abstract.aspx?ID=242021