Forensic storage developer WiebeTech has developed a pair of write-blocked PCIe adapter cards that connect to devices such as disk drives or arrays, but prevent the host computer from writing to them.

The RedPort cards allow an investigator to study or copy stored data without the risk of accidentally altering it, according to WiebeTech CEO and president James Wiebe. He claimed that if you make a normal host adapter read-only it may still be possible to reverse that in software.

The reason for doing read-only adapter cards is that WiebeTech's other forensic gear only connects to individual hard drives. That's a bit of a pain if you have a multi-drive array to copy – more so if those drives are part of a SAN or a RAID set.

The RedPort cards each provide two write-protected 4Gig Fibre Channel or Ultra320 SCSI connectors. WiebeTech said they're called RedPort because the ports are red. Actually, they're not – the back panel plates are striped red, but the effect is similar.

They're not cheap – they list at £1,769 and £719 respectively – but that's not much compared to the cost of losing a court case because you damaged the evidence. The cards use ATTO hardware with modified firmware, and are distributed in the UK by AM Micro. ®

Related stories

• Mobile forensics turns up heat on suspects (11 February 2007)
• Boffins boot up shoe database (30 January 2007)
• Forensics reaches into the future (27 December 2006)
• Forensics wield new DNA weapon (4 October 2006)
• Police expert admits mobile phone forensics barrier (7 July 2006)
• Analysis Drowning in data - complexity's threat to terror investigations (6 July 2006)
• Forensic felonies (26 April 2006)