Evidence Preservation Tool

This simple but effective program is designed to limit access to computers that have been seized as evidence. All too often, 'resident computer experts' get curious and attempt to operate seized computers in hopes of finding clues or evidence. These individuals many times are not trained in computer forensics and are therefore unfamiliar with proper computer evidence processing procedures. They typically don't know that even the mere running of a computer system can overwrite evidence stored in the Windows swap file and/or in erased file space. This program was written to help prevent these common problems and its uses are described in Computer Forensics, Incident Response Essentials by Warren G. Kruse II and Jay G. Heiser, Cyber Crime Investigator's Field Guide by Bruce Middleton and Cybersecurity Operations Handbook by Dr. John W. Rittinghouse and Dr. William M. Hancock.

When the Seized program is operated, it locks the computer system and displays a message on the screen advising the computer user that the computer contains evidence and it should not be operated without authorization. The program was designed to be installed on a DOS system diskette for placement in all floppy diskette drives on the computer system. The program is called from an AUTOEXEC.BAT file configured to call the program. Once the program has been called it locks the computer and displays the warning message on the screen. Please note that this methodology may not work effectively if the seized computer is configured to boot from the computer hard disk drive. Therefore, a knowledgeable computer forensic specialist should configure system diskettes to boot with the automatic operation of the program. The computer specialist should also examine the content of CMOS to insure that the computer will boot from a floppy diskette rather than a hard disk drive.

SEIZED Program - Primary Uses:

SEIZED - Program Features and Benefits:

Back To NTI's Home Page

Please direct E-Mail to

Copyright © 2004 by New Technologies Armor, Inc. January 16, 2004