Title: ON THE SELECTION OF WRITE BLOCKERS FOR DISK ACQUISITION: A COMPARATIVE PRACTICAL STUDY

Year of Publication: 2013
Page Numbers: 113-123
Authors: Mousa Al Falayleh, Jamal Al-Karaki
Conference Name: The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec2013)
- Malaysia

Abstract:


Digital Forensics (DF) is an evolutionary field with evolving techniques. One major step in DF Framework is the acquisition phase, where a copy or an image of a suspect disk is preserved with no alteration or modification. This is an important technique for the evidence to be accepted by a court of law. To accomplish that, investigators normally use hardware based or software based Write Blocker (WB). In this paper, we perform in-depth performance evaluation for a number of Hardware and Software write blockers from various vendors. The intent is to determine the best WB for a certain scenario in terms of shortest imaging time. The experimental results reported in this paper form an invaluable reference for field practioners.