USB write protect?

This topic contains 8 replies, has 5 voices, and was last updated by  dynamik 8 years, 6 months ago.

  • #6121
     SephStorm 
    Participant

    I have a USB device I want to use purely for malware removal from infected systems. However, obviously I am worried about infections jumping from one computer to another, or to my machine when I need to update them. I did a Google search, but I was unable to find a free program that meets my needs. The ones I did see supposedly locked the device on the computer the app was installed on, but not on all PCs.
    Help?

  • #38373
     tturner 
    Participant

    It’s not foolproof, but in the past I’ve encrypted all the free space on the drive in a TrueCrypt volume and left the removal tools in the unencrypted area so malware has nowhere to write to unless it overwrites existing files. Also, if you are doing your malware removal from a bootable USB where the malware isn’t executing, it’s probably a non-issue.

  • #38374
     awhitehatter 
    Participant

    I agree, TrueCrypt is going to be your best bet in a free solution.

  • #38375
     SephStorm 
    Participant

    Like that idea, it’s pretty unique. I haven’t used TC in a while; I mainly use BL. Thanks for the info. 🙂

  • #38376
     tturner 
    Participant

    Here’s another great solution I had not thought of:

    http://isc.sans.edu/diary/Read+only+USB+stick+trick/10588

    Use the write protect switch on SD cards (+ USB SD reader) 🙂

  • #38377
     dynamik 
    Participant

    Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.

    Don’t mix them up.

    Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

  • #38378
     SephStorm 
    Participant

    I like the SD idea. I have a portable media reader, so even if the PC doesn’t have a reader, I’m GTG. I have a 1GB card that should do the trick.

  • #38379
     rattis 
    Participant

    @dynamik wrote:

    Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.

    Don’t mix them up.

    Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

    I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

  • #38380
     dynamik 
    Participant

    @chrisj wrote:

    I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

    You’re not wiping it to prevent forensic recovery though; you’re just restoring the previous file system to prevent the auto-execution of something like switchblade or some other malware that may get on the drive during use on an untrusted system.
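
The restore step described in this thread (dd a saved clean image back onto the working stick from a live CD), as an added example that is not part of the original posts. It assumes GNU coreutils; `hash_prefix`, `verify_image` and `restore_image` are hypothetical helper names, and the verify step compares only the image-sized prefix because the stick is usually larger than the image.

```shell
#!/bin/sh
# Added example: restore a known-good image onto the working stick, then
# verify it. Function names are hypothetical; assumes GNU coreutils
# (head -c, sha256sum, dd conv=fsync).

# Hash exactly the first $2 bytes of $1, so a device larger than the
# image can still be compared against it.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_image IMAGE TARGET
# Returns 0 if TARGET's leading bytes are identical to IMAGE, 1 if the
# stick was modified (for example after use on an untrusted system).
verify_image() {
    img=$1; tgt=$2
    size=$(wc -c < "$img") || return 2
    [ "$(hash_prefix "$img" "$size")" = "$(hash_prefix "$tgt" "$size")" ]
}

# restore_image IMAGE TARGET
# Overwrites TARGET with IMAGE, flushes to the device, then verifies.
restore_image() {
    img=$1; tgt=$2
    [ -r "$img" ] || { echo "cannot read image: $img" >&2; return 2; }
    # notrunc keeps a regular-file target at its size; fsync flushes
    # the data before dd exits so the stick can be pulled safely.
    dd if="$img" of="$tgt" bs=4M conv=notrunc,fsync status=none || return 2
    verify_image "$img" "$tgt"
}

# Usage from the live CD (device path is a placeholder you must set):
#   sh restore.sh clean.img /dev/sdX
if [ "$#" -eq 2 ]; then
    if restore_image "$1" "$2"; then
        echo "restored and verified"
    else
        echo "restore FAILED verification" >&2
        exit 1
    fi
fi
```

Running `verify_image` before the restore shows whether the stick was changed during its last use. A read-back immediately after writing may be served from the page cache, so re-plug the stick and run `verify_image` again for a check against the media itself.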
