Hardware based snapshot/rollback

For the purpose of malware analysis I am looking for hardware based snapshot/rollback solution.

Basically what needs to be done is all sector WRITE actions are diverted to a secondary disk (preferably RAM disk) and of course the changed sectors are to be read from that secondary disk. Upon reboot you can simply wipe the secondary disk, basically reverting to the initial unchanged state.

Or another solution would be is to record which sectors have been overwritten and these are to be restored on reset/reboot (no need to restore every sector, just the ones that have been altered).

I don't want to rely on software solutions as most are not resilient against latest MBR rootkit infections. Also virtual environments are undesirable as some malware won't run in virtual environments.

Does any one know of a hardware based snapshot/rollback product that performs a function similar to what I have described above?

 

I came across CoreRESTORE:

Manufacturer:
http://cfs-llc.net/

Review in MaximumPC September 2003:
http://books.google.nl/books?id=3gE...C4Q6AEwAw#v=onepage&q=Corerestore IDE&f=false

It seems though that they discontinued the product :
http://d1ss.blogspot.com/2009/07/sata-hardware-write-blocker-anyone.html

There must be other manufacturers right?

 

Some ideas:

1. https://www.wilderssecurity.com/showthread.php?t=196524
2. Do web search for: hardware restore card
or recovery card

 

http://www.alibaba.com/products/recovery_card/--711001--------------------------.html?noddp=Y

 

Erik,
Take a look at this:
http://msdn.microsoft.com/en-us/library/ms838511(WinEmbedded.5).aspx, maybe it will help.