Author Topic: USB write protect?  (Read 12983 times)
SephStorm
« on: February 24, 2011, 03:02:47 AM »

I have a USB device I want to use purely for malware removal from infected systems. However, obviously I am worried about infections jumping from one computer to another, or to my machine when I need to update them. I did a Google search, but I was unable to find a free program that meets my needs. The ones I did see supposedly locked the device on the computer the app was installed on, but not on all PCs.
Help?

tturner
« Reply #1 on: February 24, 2011, 05:46:36 AM »

It's not foolproof, but in the past I've encrypted all the free space on the drive in a TrueCrypt volume and left the removal tools in the unencrypted area so malware has nowhere to write to unless it overwrites existing files. Also, if you are doing your malware removal from a bootable USB where the malware isn't executing, it's probably a non-issue.

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP

Next 6 months: GCIH, CSTP, STI MSISE
awhitehatter
« Reply #2 on: February 24, 2011, 09:53:03 AM »

I agree, TrueCrypt is going to be your best bet in a free solution.
SephStorm
« Reply #3 on: February 24, 2011, 01:27:22 PM »

I like that idea, it's pretty unique. I haven't used TC in a while, I mainly use BL. Thanks for the info. :)

tturner
« Reply #4 on: March 24, 2011, 10:49:24 AM »

Here's another great solution I had not thought of:

http://isc.sans.edu/diary/Read+only+USB+stick+trick/10588

Use the write protect switch on SD cards (+ USB SD reader) :)

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP

Next 6 months: GCIH, CSTP, STI MSISE
ajohnson
« Reply #5 on: March 30, 2011, 10:13:18 PM »

Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.

Don't mix them up.

Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

WIP: OSCP | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
SephStorm
« Reply #6 on: March 30, 2011, 10:28:44 PM »

I like the SD idea. I have a portable media reader, so even if the PC doesn't have a reader, I'm GTG. I have a 1GB card that should do the trick.

chrisj
« Reply #7 on: March 31, 2011, 09:52:55 AM »

Quote from: ajohnson
> Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.
>
> Don't mix them up.
>
> Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

OSWP, Sec+
ajohnson
« Reply #8 on: March 31, 2011, 09:09:22 PM »

Quote from: chrisj
> I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

You're not wiping it to prevent forensic recovery though; you're just restoring the previous file system to prevent the auto-execution of something like switchblade or some other malware that may get on the drive during use on an untrusted system.

WIP: OSCP | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
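
The clean-copy restore described in replies #5 and #8, as an added example that is not part of any poster's reply: it reports whether the working drive changed during use, rewrites it from the saved image, and verifies the result by hash. The function names are hypothetical, and it assumes GNU coreutils (`dd`, `sha256sum`, `head`) as found on a typical Linux live CD.

```shell
#!/bin/sh
# Added example: restore a known-good image onto the working drive and verify it.
# Arguments are placeholders: IMAGE is the saved clean image, TARGET is the raw
# device (e.g. /dev/sdX) when run from the live CD, or a regular file for testing.

# SHA-256 of the first $2 bytes of $1 (the device is usually larger than the image).
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Return 0 if the first image-sized bytes of TARGET are identical to IMAGE.
matches_image() {
    img=$1; target=$2
    size=$(wc -c < "$img" | tr -d ' ')
    [ "$(hash_prefix "$img" "$size")" = "$(hash_prefix "$target" "$size")" ]
}

# Report whether the drive changed during use, rewrite it, then verify the write.
restore_image() {
    img=$1; target=$2
    if matches_image "$img" "$target"; then
        echo "unchanged since last restore"
    else
        echo "MODIFIED during use: something wrote to the drive"
    fi
    # notrunc keeps a file-backed target at its full size, like a real device;
    # fsync flushes the data before dd exits.
    dd if="$img" of="$target" bs=1M conv=notrunc,fsync 2>/dev/null || return 1
    matches_image "$img" "$target" || { echo "verify FAILED" >&2; return 1; }
    echo "restored and verified"
}

# Usage: sh restore.sh clean.img /dev/sdX   (double-check the device name first)
if [ "$#" -eq 2 ]; then
    restore_image "$1" "$2"
fi
```

On a real device, unplug and re-insert the drive before trusting the read-back, since the kernel may serve the verification read from its cache.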