For the purpose of malware analysis I am looking for hardware based snapshot/rollback solution. Basically what needs to be done is all sector WRITE actions are diverted to a secondary disk (preferably RAM disk) and of course the changed sectors are to be read from that secondary disk. Upon reboot you can simply wipe the secondary disk, basically reverting to the initial unchanged state. Or another solution would be is to record which sectors have been overwritten and these are to be restored on reset/reboot (no need to restore every sector, just the ones that have been altered). I don't want to rely on software solutions as most are not resilient against latest MBR rootkit infections. Also virtual environments are undesirable as some malware won't run in virtual environments. Does any one know of a hardware based snapshot/rollback product that performs a function similar to what I have described above?