Skip to content
/ Write_Blocker_Script Public

Python Script to Disable Write Operations while Creating Forensic Image of Physical Drives

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xNirvana/Write_Blocker_Script

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
tools
tools
 
 
udev
udev
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
script.py
script.py
 
 
test_readonly.py
test_readonly.py
 
 
workspace.code-workspace
workspace.code-workspace
 
 

Repository files navigation

Write Blocker For Host Based Forensics Project

Modules to be added

Initial setup - Patching

  • Add couple of lines to the rules file

Enabling a Write Blocker

  1. Stopping automount service
  2. Identifying the USB drive insertion
  3. Mounting USB drive
  4. Blocking through
    • blockdev
    • mount ro (Command in task 3 would change)

Disabling a write blocker (Steps TBD)

TBD (If we have time and is feasible)

  • Monitor kernel level instructions (To verify if it's working/corner cases)
  • Block SCSI instructions

About

Python Script to Disable Write Operations while Creating Forensic Image of Physical Drives

Topics

python3 forensics write-blocker

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages