Author:
Tebueva F B,Ogur M G,Zubkov M V,Moisov M G
Abstract
Abstract
Forensic research in the investigation of information security incidents, the production of forensic examinations and many other areas of activity related to computer forensics require the maximum possible preservation of the integrity of the investigated data. To do this, write blockers are used - programs or devices that do not allow writing anything to the drive under investigation. The need to use such means comes both from the requirements of procedural legislation (for example, the Criminal Procedure Code of the Russian Federation), and from various recommendations of a methodological and other nature, as well as from standards (for example, STO BR IBBS-1.3-2016). Some aspects of the functioning of write blockers will be discussed in this article. And on the example of the criminalistic lock the question of influence of the used interface for data transmission in tasks of creation of images of data carriers will be considered.
Reference12 articles.
1. A Study of Forensic Imaging in the Absence of Write- Blockers;Kessler;Journal of Digital Forensics, Security and Law,2014
2. Automated inference of past action instances in digital investigations;James;Int. J. Inf. Secur.,2015
3. File Reconstruction in Digital Forensic;Sitompul;TELKOMNIKA Indones. J. Electr. Eng.,2018
4. Forensic application-fingerprinting based on file system metadata;Kalber,2013