A Forensically Sound Windows Boot Disk For Acquiring Network Storge

To address this critical hole in acquisition technology, this project will develop a software write blocked Windows forensic boot disk that will allow for the retrieval of information during a forensic investigation. It will have several major advantages over current DOS/Linux boot disks, utilizing Windows drivers ' drivers that are often not available in DOS and Linux for new hardware, such as devices found in network storage. It will also allow investigators to use the more familiar Windows platform and Windows imaging tools. It will write directly to the NTFS file system, accomplishing improved imaging speed, compression, and utility. It will have logistical, investigation time, adaptability, and expense advantages over hardware write blocking techniques. The result will be an easy-to-use platform onto which powerful imaging, archiving, analysis and triage tools can be placed. ca/ncf