Linux tool speeds up police computer forensics (ZDNet)

> This claim seems dubious to me.  I don't know of any "court-certified
> hardware write-blockers" at all,

Here you go: http://www.cftt.nist.gov/hardware_write_block.htm

Using a write-blocker that the courts have not already recognized as tested and suitable for
their purpose will only leave you to spend time and money to prove that your homemade write
block worked and didn't introduce changes to the media.  The defense will use that opportunity
to get the evidence thrown out.

I can understand using this tool if you have used an approved tool to create an image and then
examine the image to find evidence.  You can then use that knowledge to then use a certified
tool, such as FTK, to gather the evidence for court.

Again, Australia may have different rules than the US, which is the perspective that I'm
speaking from.

> Note that witness testimony is admissable evidence too, and just try 
> proving any bounds on its unreliability... somehow justice soldiers on,
> not perfectly, but okay.

Are you implying that computers can provide different data for each read much like a witness
might not remember the exact same thing from one moment to the next?

We give electronic records more weight since we assume computers to be exact.  Something as
small as a timestamp on a file could be important evidence for a case.  If a timestamp is
altered because of a faulty write-blocker then any evidence gained from said media could be
suspect.