Notifications
Clear all

Zip disks

6 Posts
4 Users
0 Likes
631 Views
(@armresl)
Posts: 1011
Noble Member
Topic starter
 

Hello,

I was looking for different methods you have used for a case with zippped up files on a zip disk.

How did you view the zipped files on the zip disk without altering times?

Take care.

 
Posted : 21/02/2006 7:16 pm
(@gmarshall139)
Posts: 378
Reputable Member
 

What type of zip disks do you have? I bought a zip 750 USB drive to acquire zip 100 disks. The zip 750 is not capable of writing to the zip 100 disks. There are other possibilities now as well. Digital Intelligence sells a write blocker that will block any USB attached to it.

 
Posted : 21/02/2006 7:57 pm
(@armresl)
Posts: 1011
Noble Member
Topic starter
 

Ya I like that about the zips, even pops up a nice message.

 
Posted : 21/02/2006 7:58 pm
(@walkabout_fr)
Posts: 67
Trusted Member
 

Personaly, that's exactly the kind of investigation I do using the XP SP2 write block registry key.

Although it's never been designed for forensics use, I tested it on various USB devices (up to USB HDDs) and the hash value never changed.

I use other means of protection for hard disks, but find this method very usefull for smart cards, USB keys and other USB mass storage equipment.

I must say, however, that computer forensics in France is far from being as developped as it is in US or UK. If I had the choice (and the money), I would probably get a hardware write blocker…

 
Posted : 21/02/2006 8:12 pm
(@gmarshall139)
Posts: 378
Reputable Member
 

Walkabout,

I think you are doing fine. The main thing is that you tested and found that the registry key did indeed prevent writes.

 
Posted : 21/02/2006 8:21 pm
 Andy
(@andy)
Posts: 357
Reputable Member
 

Anyone want a free simple to use XP SP2 write block software?

Here you go- http//www.innovision-forensics.co.uk/download/Blocker.zip

Courtesy of yours truly 😉

Saves messing about with the registry key by hand. I've also tested the reg key method with ZIPs, USB Thumb Drives, Compact Flash cards and it works (no write what-so-ever, and MD5's intact).

Andy

 
Posted : 21/02/2006 11:31 pm
Share: