NCJ Number
220222
Date Published
January 2008
Length
156 pages
Annotation
This document reports test results for Writeblocker XP, Version 6.10.0, which is designed to block all attempts to write to a protected drive by commands issued from common operating system tools and from the widely used forensic tools FTK and EnCase.
Abstract
Test results show that the tool failed to block some test commands from the protected categories that were sent to protected drives, but no changes to the protected drives were observed. The tool did not alter or block test commands from any non-protected category that were sent to protected or unprotected drives. The tool did not alter or block any test commands sent to unprotected drives. Writeblocker XP V6.10.0 consists of two kernel-mode device drivers, NTWBFS and NTWBPM, as well as a user-mode GUI control application. The NTWBFS driver is a file system filter driver that filters file system calls, and the NTWBPM driver is a physical device filter that filters hardware I/O requests. Of the two kernel-mode drivers, the NTWBPM driver was tested directly by test cases SWB-01 through SWB-24. Test cases SWB-25 through SWB-30 tested the ability of both components, working together, to protect a hard drive. The methodology and results of each test case are presented in this report. All testing was conducted in accordance with the SCES Software Write Block Tool Specification & Test Plan Version 1.0, which can be found on the Web site of the Computer Forensics Tool Testing program. Data tables are provided for each test.
Date Published: January 1, 2008