Does anyone have a suggestion for a (relatively cheap) USB write blocker? I know there are some USB flash drives that have a read only switch, as well as SD cards, but I would like to be able to use any type of USB storage device as read only.
Thanks!

That's what I figured. It's prety much the only one I can find online.

Jimbob, this is a good solution and is how I currently work in my lab for testing and playing.

However, I'm not a forensic guy and haven't had anything come close to requiring legal attention. I'd always assumed that this method whilst it 'works' it is going to get destroyed if the investigation ever comes to court as you can't prove that you did everything right. Alternatively if you used a write-blocker then there couldn't be any unauthorised/unintentional alterations to the evidence (assuming your blocker works of cause....)

Obviously laws vary between states/countries, but can someone with better knowledge provide a quick 'litmus test' yes or no?

Cheers,
RR

We use the digital intelligence ones too.  Helix, Raptor, and a couple of other forensics boot discs work very well too.   You still have to be careful. 

One other we use in case of emergency and as a last option is the usb write protect option in XP and Vista.  You can configure this through Group Policies or the Registry.   There is also software that will switch the setting on and off nicely.   From what I understand, this method has been used a few times and was accepted in court.

RR, what's funny about that statement is that almost all forensics analysts tend to fall back to "I know what I'm doing and I am saying that I did it correctly."  The defense lawyers will always attempt to attack your abilities and knowledge first because it is the most common area of weakness.  If you can't demonstrate that you know what you're doing then you'll probably get exposed.  If you can demonstrate it on the stand, then they'll attack your tools.  This is harder to do because most of them have been vetted already, but there is always a chance that they can convince the court that something went wrong.  Hardware write blockers have a known failure rate, there can always be something in the tool/platform settings that could screw up the evidence, a cosmic gamma burst could have randomly scrambled those bits on the hard drive so that they magically turned into a picture of a little boy in a sprinkler, etc.  This is more of an exercise in confusing/scaring the jury.  If they can't get you on your knowledge or your tools, then they'll try to attack your integrity.  At the end of the day, everyone who testifies is basically saying "I did what I said I did."