Re: Hard Drive Write Blocker

From: Wouter Slegers (wouterat_private)
Date: Mon May 28 2001 - 06:24:27 PDT

  • Next message: Mike F: "computer forensics"

    On Thu, May 24, 2001 at 04:03:15PM +0200, Jochen Kaiser wrote:
    > There is a group of similar products available which do far more:
    [SNIP]
    > There are at least 3 product which handle this. the one we test at the moment
    > is http://www.daten-airbag.de/textvers/index.html 
    If I understand the information on this device correctly, this is a
    modified BIOS disabling writes to the disk. This only works when all
    disk access is via the BIOS, so this will not work with anything
    directly accessing the IDE/ATA-controllers (e.g. OSes like *BSD,
    SMART-disk-managementsoftware, maybe even the newer NT ATAPI-drivers?)
    with writes to 0x01f0-8.
    To block these attacks, one still needs to have something physically
    interposed somewhere in the path from PCI-bus via controller to the
    disk(s), preferbly just before the disks.
    If there are ready-to-run chips or sourcecode for simple processors that
    can interpreted the diskside of the ATA-commands, one could make an
    "ATA-firewall" that would allow this kind of write-protection in a more
    generic way. Building this yourself should be possible, but is
    non-trivial to get right.
    
    With kind regards,
    Wouter Slegers
    Your Creative Solutions
    



    This archive was generated by hypermail 2b30 : Mon May 28 2001 - 12:01:53 PDT