I will be the first to say that this is not likely a device that your average avid PC lover would want or need as a Christmas present. However it will have a huge fan base with anyone involved with the area of data forensics. Most people have barely even heard of the term, never mind define it, but it is a very important aspect in the law enforcement and investigation world.

For the uninitiated it is the science (and sometimes art) of retrieving information from the plethora of digital devices that litter today’s world. It sounds simple, merely turn it on, and read whatever is to be found. Alas, the real world is not that simple, the mere act of powering up a computer, a cell phone, or any other device has a detrimental effect to the data involved. Potentially important information can be forever lost. For example the date and time that it was last powered on! In fact often it is not the data that you can read that is important, it is the information that you can not normally see that holds the key.

In the mid 90’s I was invited to act as a forensics expert in a civil trial. During the discovery process I was invited into the enemies camp, a plethora of ‘suits’ awaited me in an imposing boardroom. We were there to discover the deeper meaning in a box of ‘floppy discs’. It did not take but a few moments to discover that that the disks being presented were copies! Copies that might have been made in good (or not so good) faith. A room full of very red faced and expensive lawyers had just learned a valuable lesson. Busted, they now had to fess up the originals. At $300 an hour, and I had 10 of them in the room, it pretty much represented a $30k misadventure for this ‘illustrious’ company.

Rule number one, do not mess with data! Many of the tools of the digital forensics trade are not to be found in your local computer store, in fact, there is no reason why the man in the street would have the need or desire for them. Wiebetech are at the cutting edge of the Data Forensics industry and their latest product the Wiebetech USB Write-Blocker is no exception.

Using the Write-Blocker you can access any device that is recognized as a USB Mass Storage device, that includes Thumb Drives, Hard drives, and many Digital Cameras and Cell Phones. I like things that are designed with one purpose in mind, and are easy to operate. The users guide for this unique device is only 8 pages long!

Using it is simplicity itself, plug the target device in one end (clearly marked) and the computer that you wish to capture the data onto in the other end. A green light turns on, and voila, you can read the contents or copy the contents, and zero digital fingerprint is left that you have done either. There is one small button on the Write Blocker, and that allows you to swap target devices by merely changing the target and recycling the Write Blocker.

One really interesting feature that I must admit took me a few minutes to grasp the significance of is that the Write-Blocker in some ways is designed as a two way protection system. The target device has no clue what it is being interrogated, and the host computer is unaware of the exact nature of the device, Windows merely sees a USB Mass Storage device. The nature of that device is hidden. This might indeed be a very useful feature if time is of the essence, and you happen to be ‘borrowing’ a computer to perform the investigation.

If you are running the Write-Blocker on a trusted system though, there is a wonderful little utility available from Wiebetech that will reveal everything you wanted to know about the drive in question. I love to try and break things, oh not literally, break in the logical sense. Well I met my match with this little gizmo. I tried various Thumb Drives, a high end media player, a couple of external USB hard drives, and it worked every time. I also tried it on Windows XP, Vista, and a Linux box. It also did not care if the target or acquisition was USB 1.1 or 2.0. Even worse, it is designed to be as rugged as you can get, a soft rubber cover protects it from any abuse you might inadvertently heap on it.

You just stretch the pliable, and always attached covers at either end to reveal the connectors, and when you are done simply put them back on. For the real forensics geek they even include a lanyard so you can wear it around your neck. Personally I think this kind of technology is better kept out of sight, as in, in your pocket! This is without doubt the smallest, slickest write blocking device I have come across. At just under $200 it is also the most cost effective on the market.

You can check out this very vital tool at the Wiebetech web site.

Simon Barrett

Be Sociable, Share!