"EnCase presents several options to non-invasive acquire hard drives, many of which are unique to the field of computer forensics" [1] So I am guessing the full version would do it, or at least with certain configurations. I do know that the company produce a hardware device that write protects. This is called fastbloc [2]. Also under features it lists that it can "View files without changing the file contents or time stamps" [3]. I would like to say that in the past I used fat32 drivers for Winnt. It stated that it was read only. But when you did a small change on a text file it worked. So whatever you decide to use, if you are going to use it for a case test test test. I know some of the above is NO DUH stuff but thought it might help knowing. If you haven't notice by my above post, i have not had experience with encase or windows acquisitions so don't believe a word i say :) Regards, Daniel [1] Casey, H. 2001, "Handbook of computer crime investigation - Forensic tools and technology" Academic Press [2] http://www.encase.com/html/forensic_hardware.html [3] http://www.encase.com/html/encase_ver3_overview.html At 11:57 AM 08/01/02 -0500, you wrote: >Hey Everyone. > >I am just learning about computer forensics on Windows platforms. The >problem I have run into is not being able to block writes to hard drives >while in Windows. I found PDBlock and NTFSDOS (read-only) but they both run >in DOS. I have a demo version of EnCase and when it runs, it says the hard >drive is not mounted read-only. Are there any utilities that run in Windows >or load before Windows so that a drive can be mounted read-only but still >accessible to programs such as EnCase? I was hoping to find a utility for >Windows instead of mounting the drive read-only in Linux and then using >Samba to share the drive to Windows. > >Thanks in advance, > > >-jhs > >------------------------------------------------ >John H. Sawyer >Computer Support Specialist >Environmental Horticulture Dept >University of Florida >jsawyerat_private > >----------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 18:30:48 PST