20 lines (15 loc) · 530 Bytes

Write Blocker For Host Based Forensics Project

Modules to be added

Initial setup - Patching

Add couple of lines to the rules file

Enabling a Write Blocker

Stopping automount service
Identifying the USB drive insertion
Mounting USB drive
Blocking through
- blockdev
- mount ro (Command in task 3 would change)

Disabling a write blocker (Steps TBD)

TBD (If we have time and is feasible)

Monitor kernel level instructions (To verify if it's working/corner cases)
Block SCSI instructions