NCJ Number
203196
Date Published
February 2004
Length
102 pages
Annotation
This report presents the results from the testing of the Royal Canadian Mounted Police Hard Disk Write Lock V0.8 (RCMP HDL) by the Computer Forensic Tool Testing Program, to assure users that tools used in computer forensic investigations provide accurate results.
Abstract
The Computer Forensics Tool Testing (CFTT) program is a federally supported project whose objective is to provide measurable assurance to practitioners, researchers, and other users that the tools used in forensics investigations provide accurate results. This is accomplished through the development of specifications and test methods. The test results provide the information necessary to improve tools, make informed choices, and understand the tools’ capabilities. This report presents the results from testing the Royal Canadian Mounted Police Hard-Disk Write Lock V0.8 (RCMP HDL) against Software Write Block Tool Specification & Test Plan, Version 3.0. The top-level tool requirements identified by this specification include: (1) the tool shall not allow a protected drive to be changed; (2) the tool shall not prevent obtaining any information from or about any drive; and (3) the tool shall not prevent any operations to a drive that is not protected. Overall results based on the above-stated requirements included: (1) for all test cases run, the tool always blocked commands that would have changed any protected drives; (2) for all test cases run, the tool always allowed commands to obtain information from any protected drives; and (3) for all test cases run, the tool always allowed any command to access any unprotected drives. Information on testing was also presented in the areas of anomalies, mandatory and optional assertions, and the test environment (hardware and software). Tables