Best Hardware Write Blockers for Digital Investigators

In today’s digital world, digital evidence is cited in many crimes. Digital investigators and forensic experts need to be certain that the data being presented as evidence has not been altered during the proceedings. A write blocker allows read-only access of a digital device without compromising data integrity in any way. When used properly, a write blocker guarantees that the data inside a digital storage device remains intact. This article will look at the five best hardware write blockers for digital investigators. But first, it is essential to understand the difference between software and hardware write blockers. Moreover, you also need to be aware of the vital features that make for a good hardware blocker. Read on for more details!

Software vs. Hardware

Software or hardware write blocker – which is better? Well, it depends on your preferences. Software and hardware write blockers perform the same task. They prevent tampering with data on storage devices. However, the primary difference is that a software write blocker is installed on a forensic workstation. A software write blocker operates by filtering any IO commands sent from an app through an access interface. A significant advantage of software write blockers is that you do not have to carry extra hardware while in the field. On the other hand, a hardware write blocker is a portable device easily carried to and from the crime scene. While software blockers are limited by OS updates and other such variables, hardware blockers work independently. They also have more visual indicators (and sometimes even a text screen) to confirm that your computer is not writing to the drive.

Three Essential Features of Hardware Write Blockers

The following section covers the three most critical features you should be mindful of when purchasing a hardware write blocker.

1. Available Connection Types

Notice the available connection types on the hardware. Does it support both SATA and IDE drive types? Check your device for the output connection features. Does it support USB 3.0, as well as 2.0? While SATA to SATA data transfer is the fastest, USB 3.0 is frequently used by modern workstations.

2. Writing Capability

Consider whether you will need to write external drives you will be connecting with. Some hardware write blockers allow you to alternate between read/write and read-only modes, while others are limited to read-only. If your work requires you to connect IDE/SATA to your workstation for writing, you should consider a write blocker that supports both modes.

3. Compatibility

Before purchasing, make sure the write blocker is compatible with Advanced Drive Formats. To meet the demand for more drive space, hard drives today have increased sector size to 4096. Some have even gone beyond that size. Be sure that the write blocker you select supports the most common and prevalent format type of 512e.

Coolgear USB 3.0 / 2.0 to IDE/SATA Adapter with Write-Protection

This is a budget option for people with limited means. While Coolgear is not a market leader, this product does not disappoint with a data transfer rate of up to 5GB per second. In addition, its compatibility with Linux and Mac OS 10.x comes as icing on the cake.

This model is ideal for forensics, and you can easily attach 2.5-inch laptop drives, IDE 3.5-inch drives, or any other regular SATA drive. Once in the write protect mode, rest assured that your system is protected from tampering with the data of connected drive. Just make sure the write-protect switches are correctly toggled before the device is powered on.

The Coolgear write blocker is very lightweight and a space saver. Weighing just 1.3 lbs. and measuring 80mm x 80mm x 20mm, you do not have to worry about carrying bulky equipment. This model’s compact size leaves plenty of room on your desk or in the field for other equipment.

The only downside is that when compared with Tableaus, the data transfer rate is rather slow. Considering it costs nearly one-sixth of the price, the bargain does make sense. If you are looking for a low-cost write blocker with decent performance, or if you want a secondary write blocker for home, Coolgear has your back.

Buy Here: Amazon

Tableau Forensic SATA/IDE Bridge Kit

Tableau’s second-generation hardware write blocker is everything you would expect from a modern digital forensics helper. This model is portable, fast, accurate and works great with all operating systems, as long as there is a USB 3.0 port.

The device features seven LEDs providing a status update about SATA media detection, power, IDE media detection, write block status, host connection status, and activity status. All the information is then displayed on the integrated and backlit LCD screen on the front.

In addition to the T35U Bridge, the package also contains an external power supply, an 8-inch Molex to 3M Drive Power Cable, an 8-inch SATA Signal Cable, an 8-inch SATA to 3M Drive Power Cable, an 8 inch Tableau IDE Cable, a 6-inch USB 3.0 A to B Cable, a zippered soft-sided nylon bag, and a Quick Reference Guide to ensure that you get the most out of your purchase.

Overall, the higher price and the fact that it is a read-only bridge may limit this model’s applicability. However, it is suitable for both on- and off-the-field jobs and comes with enough goodies to make up for the higher price.

Buy Here: Amazon

Tableau TK8U Forensic USB 3.0 Bridge Kit

First introduced back in 2015, the TK8U was Tableau’s very first hardware write blocker with USB 3.0 support. This model quickly became a standard. The robust architecture, coupled with USB 3.0 support, offers enough speed to image multi-terabyte HDDs, flash drives, or even USB 1.1 and USB 2.0 drives. However, this model is not able to recover data from dead drives.

This device is capable of forensic data transfer of up to 300 Mbps, which may seem rather slow by today’s standards. Still, the fact that it can simultaneously calculate both SHA1 and MD5 hashes makes it a worthwhile investment for anyone looking for a reliable write blocker.

Moreover, the TK8U’s backlit interface ensures that the device information, status reports, bridge, and Logical Unit select information are always accessible and visible.

The only limitation of this model is that the power supply comes with a USA-style power cord only. So, if you are living in any other part of the world, you may need to invest in an additional power adapter to get it working, which is a minor inconvenience.

Buy Here: Amazon

Tableau Forensic PCIe Bridge TK7U-BNDLB SiForce Bundle

The Tableau Forensic PCIe Bridge TK7U BNDLB is the first-ever portable hardware write blocker that allows forensics of PCIe solid-state drives while being used in conjunction with a Tableau PCIe adapter.

This device comes packaged in a rugged ESD transport case, which prevents any damage to the equipment from dust, water, or any other external force – thus making it ideal for fieldwork. Additionally, this model is compatible with all OS, including the most modern Linux distros.

With imaging speeds of up to 330 Mbps, USB 3.0 support, read/write functionality via the device’s internal 4 position DIP switch, an integrated backlight LCD display, and six different status LEDs for various status updates, the TK7U is a device for true professionals.

This device does empty your pockets, but you get what you pay for, right? And this handy little tool does what it is supposed to do with little to no effort on the user’s part.

Buy Here: Amazon

WiebeTech Forensic ComboDock FCDv5.5

WiebeTech’s ComboDock FCD version 5.5 is a mid-range hardware write blocker for forensic experts, lawyers, and digital investigators. This write blocker is a straightforward and easy to use dual-mode professional dock offering multiple hosts and drive connections. This model works natively with standard hard drives, such as SATA, IDE, and PATA.

The drive connectors (USB 2.0, USB 3.0, eSATA, and FireWire 800) allow easy insertion and auto-alignment. All you need to do is connect the device with the drive, power it on, and you can toggle between the read/write and write blocking options. Switching between the two modes is very easy in this model. Nevertheless, it is impossible to unintentionally turn off the write-blocking mode.

This blocker allows you to detect, remove or even modify DCOs (Device Configuration Overlays) and HPAs (Host Protected Areas), which are sometimes used by criminals to hide data. With the ComboDock you can quickly access information about disk health, the number of hours used, the firmware model number, power cycles, and other critical information.

This model weighs 2.2 lbs., a weight that may put off some users. However, we do not see how that may hinder investigations in any way. Overall, this is an excellent mid-range option for people looking for affordable, yet reliable, hardware write blockers.

Buy Here: Amazon

Final Thoughts

Today, we listed some of the best hardware write blockers available to you for purchse. Ensuring data integrity has a critical role to play in data acquisition for any computer forensics or digital investigator. This is impossible without a reliable hardware write blocker. All the products mentioned above have been tested over the years for their performance, reliability, and efficiency.  You may choose any of the models discussed above without a second thought. Even so, before purchasing any product, always check the device information. Good luck!



from Linux Hint https://ift.tt/3hOgkkv

Post a Comment

0 Comments