Our Services : Video Editing Classes, Ethical Hacking Workshop, Computer Classes, PC/Laptop Repair, Routers Sell, UPS Sell, Printers Sell, Scanners Sell, Website Development, APP Development, Computer Components
Call : 9846618997 | Newroad Pokhara

CHFI & Digital Forensics Tutorial [Part 3] – Write Blocking using WinHex

Write Blocking – Definition

Write blocking is the act of ensuring that the contents of an evidence drive cannot be modified during the scope of an investigation. It allows acquisition of information on a drive without creating the possibility of accidentally damaging the drive contents. Write blockers do this by allowing read commands to pass but by blocking write commands, hence their name. This can be done one of two ways: with either hardware or software write blockers.

In This Tutorial
Once a disk image has been created, hashing and write blocking the image are the immediately
pivotal steps to be taken in order to ensure the integrity of the evidence file. Write blocking tools have been written into several of the free software programs we have used or have available, including WinHex and DiskExplorer NTFS. Alternatively, it is possible to do a form of write blocking by simply changing the
status of the disk image to read-only

In this tutorial we will go through the process of creating a write blocked disk image in order to prevent changes in the course of the investigation.

*Note that once you exit WinHex, the disk image file will no longer be write protected. If you were to open the disk image file within another program, changes could be made. The write blocking provide within WinHex is only functional within WinHex itself. However, this feature is highly useful for analysis of disk image file contents within WinHex.

Related Post

READ  Ethical Hacking with Kali Linux [5] - Rogue Wireless Access Points

Leave a Reply

Your email address will not be published. Required fields are marked *