Content deleted Content added
Repairing link to disambiguation page - You can help! |
|||
Line 1:
A '''forensic disk controller''' or '''hardware write-block device''' is a specialized type of computer [[hard disk controller]] made for the purpose of gaining read-only access to computer [[hard drive]]s without the risk of damaging the drive's contents. The device is named [[forensics|forensic]] because its most common application is for use in
Using hardware to protect the hard drive from writes is very important for several reasons. First, many [[operating system]]s, including [[Microsoft Windows|Windows]], may write to any hard disk that is connected to the system. At the very least, Windows will update the [[access time]] for any file accessed, and may write things to the disk unexpectedly - such as creating hidden folders for the [[recycle bin]] or saved hardware configuration. [[Computer virus|Virus]] infections or [[malware]] on the system used for analysis may attempt to infect the disk being inspected. Additionally, the [[NTFS]] file system may attempt to commit or rollback unfinished transactions, and/or change flags on the volume to mark it as "in use". At the worst, undesired files may allocate and overwrite deleted space on the hard disk which may potentially destroy evidence in the form of previously deleted files.
| |||