Author Topic: USB write protect?  (Read 19666 times)
SephStorm
« on: February 24, 2011, 03:02:47 AM »

I have a USB device I want to use purely for malware removal from infected systems. However, obviously I am worried about infections jumping from one computer to another, or to my machine when I need to update them. I did a Google search, but I was unable to find a free program that meets my needs. The ones I did see supposedly locked the device on the computer the app was installed on, but not on all PCs.
Help?

tturner
« Reply #1 on: February 24, 2011, 05:46:36 AM »

It's not foolproof, but in the past I've encrypted all the free space on the drive in a TrueCrypt volume and left the removal tools in the unencrypted area so malware has nowhere to write to unless it overwrites existing files. Also, if you are doing your malware removal from a bootable USB where the malware isn't executing, it's probably a non-issue.

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
awhitehatter
« Reply #2 on: February 24, 2011, 09:53:03 AM »

I agree, TrueCrypt is going to be your best bet in a free solution.
SephStorm
« Reply #3 on: February 24, 2011, 01:27:22 PM »

I like that idea, it's pretty unique. I haven't used TC in a while; I mainly use BL. Thanks for the info. :)

tturner
« Reply #4 on: March 24, 2011, 10:49:24 AM »

Here's another great solution I had not thought of:

http://isc.sans.edu/diary/Read+only+USB+stick+trick/10588

Use the write-protect switch on SD cards (+ USB SD reader) :)
ajohnson
« Reply #5 on: March 30, 2011, 10:13:18 PM »

Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.

Don't mix them up.

Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
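
Added example, not part of ajohnson's post: a sketch of the "dd from clean to used" routine that first checks whether the working stick still matches the saved image, then restores it and reads it back. It assumes GNU coreutils on the live CD; the function names and the paths in the usage comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are hypothetical; on a live CD
# TARGET would be the whole device (e.g. /dev/sdX), not a partition.

# SHA-256 of the first $2 bytes of file or block device $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Print "clean" if the start of TARGET ($2) is byte-identical to IMAGE ($1),
# otherwise "modified" (something wrote to the stick while it was in use).
stick_status() {
    img_size=$(($(wc -c < "$1")))
    if [ "$(hash_prefix "$1" "$img_size")" = "$(hash_prefix "$2" "$img_size")" ]; then
        echo clean
    else
        echo modified
    fi
}

# Overwrite TARGET ($2) with IMAGE ($1), then read it back and compare.
# Returns 0 only if the read-back matches the image.
restore_stick() {
    # Refuse to write to something that is currently mounted.
    if [ -r /proc/mounts ] && grep -q "^$2" /proc/mounts; then
        echo "refusing: $2 is mounted" >&2
        return 2
    fi
    dd if="$1" of="$2" bs=4M conv=notrunc,fsync status=none || return 1
    # Note: this read-back can be served from the page cache; re-plug the
    # stick and run stick_status again for a check against the medium itself.
    [ "$(stick_status "$1" "$2")" = clean ]
}

# Usage from the live CD (hypothetical paths):
#   stick_status  /mnt/safe/toolkit.img /dev/sdX   # was it modified?
#   restore_stick /mnt/safe/toolkit.img /dev/sdX   # put the clean copy back
```

Running stick_status before the restore also tells you whether the last untrusted machine wrote anything to the stick.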
SephStorm
« Reply #6 on: March 30, 2011, 10:28:44 PM »

I like the SD idea. I have a portable media reader, so even if the PC doesn't have a reader, I'm GTG. I have a 1GB card that should do the trick.

chrisj
« Reply #7 on: March 31, 2011, 09:52:55 AM »

> Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.
>
> Don't mix them up.
>
> Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

OSWP, Sec+
ajohnson
« Reply #8 on: March 31, 2011, 09:09:22 PM »

> I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

You're not wiping it to prevent forensic recovery though; you're just restoring the previous file system to prevent the auto-execution of something like switchblade or some other malware that may get on the drive during use on an untrusted system.