Before connecting the suspect drive to your forensic workstation, it is crucial to enable write-blocking protection on your USB devices as Operation Systems writes data and modify existing Meta data available on disks/usb devices while booting. In this tutorial Iam going to show you how to implement write-protection to USB|external hard drivers to prevent windows from contaminating your evidence drive. Both manual and automatic methods are shown, please note that there are hardware devices that can implement the same functionality, but Iam not going to cover it here in details , I will just mention the major vendors if you want to buy one; the software solutions described below once implemented correctly can give the same results with no costs.
Tutorial Key Facts
Supported Operating System The Manual Way: Windows XP, Vista, Win 7 (all versions)
The Automatic Way:
Solution 1: Windows xp , Vista , Windows 7 , Windows 8 ,Windows 8.1 (both x86 and x64)
Solution 2: Win7/Vista/XP
Solution 3: Win 32 – supports Vista, 7
Notes Require Windows Registry modifications , use with caution for beginner users. Backup your registry first
Last Update 2014/03/10
Author Nihad Hassan
First: The Manual Way:
Go to the start > run and type “regedit” in run console as follow 
Browse you registry to the following location: [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesUSBSTOR] 
In the right pane you will find the “start” property , right click on it and select “Modify” , change its “value data” to [4] to disable writing to USB devices, by default it is set to [3] which allow writing to USB drives. 
Plug your USB to your computer , it will not be able to recognize it anymore; to enable it again change the “start” property “value data” to [3].
Second: The Automatic Way
Solution 1:
Supported OS: Windows xp , Vista , Windows 7 , Windows 8 ,Windows 8.1 (both x86 and x64) Ratool v1.0 (Removable Access tool): is a very simple-to-use portable freeware Application it help us to control USB storage devices. Ratool can disable USB storage access or enable write protection on all USB Flash drives thus prevent data from being modified or deleted. 
We have three options:
- Disable USB Disks Detection: It disables any USB storage / PenDrive access to your pc.
- Allow Read & Write. This option is the default option and provides normal access to USB devices.
- Allow Read Only: This option restricts users from writing anything on the USB device but lets them access any information stored on it.
After applying the changes, a system restart is needed to implement the desired action.
Solution 2:
USB Disabler (created by wittsoft) is a small, simple program designed to enable or disable USB storage access on your Windows computer, it supports Win7/Vista/XP. 
You can choose “Disabled” to disable write blocking to USB device, “Read Only” to allow only reading the contents of the USB device without the ability to write inside it; and the normal mode which allow read/write to USB drive. This is a portable application and could be downloaded from the here: http://wittsoft.blogspot.com/2011/08/usb-disabler-super-fast-easy-thumbdrive.html Or from here: http://www.majorgeeks.com/files/details/usb_disabler.html
Solution 3:
We perform the same function as we did above by using a small utility called Zokif USB Flash Disabler/Enabler; this small tool (Win 32 – supports Vista, 7) will change the “Start” property “value data” to either [3] to enable writing to USB or [4] to disable writing without direct access to computer registry. You can download this tool rom the following location http://sourceforge.net/projects/usbdisabler/ Click “Disable USB Flash” button to disable USB devices or “Enable USB Flash” button to enable writing to USB devices. 
Third: Hardware Write-blocking Devices:
With hardware write-blockers, we can connect the drive that we want to inspect to our workstation and start the OS as usual. Hardware write-blocking devices prevents Windows or Linux OS from writing data to blocked drive while booting, hardware write-blocking works a s a layer between our forensic workstation and the inspection drive.
Please note, when attaching a hardware write-blocking device to a computer running windows OS and trying to copy or modify data in the blocked drive, window will issue no warning and will show data copy or modifications to a specific file was successful, however when we restart the machine the blocked drive (which the hardware write-blocking was attached to it) will return to its original state without the modifications we’ve done previously.
The following vendors provide Hardware-write blocking devices:
http://www.digitalintelligence.com
http://www.guidancesoftware.com
http://www.forensic-computer.com
Demonstration of Voomtect Hard Drive Duplicator with built-in write blocking protection
Image of NoWrite FlashBlock II;Write Blocker add-on for Compact Flash & Digital Media from http://www.mykeytech.com/nowriteflashblock2.html
