USB write protect?

Viewing 8 reply threads
  • Author
    Posts
    • #6121
      SephStorm
      Participant

      I have a USB device I want to use purely for malware removal from infected systems. However, obviously I am worried about infections jumping from one computer to another, or to my machine when I need to update them. I did a google search, but I was unable to find a free program that meets my needs. The ones I did see supposedly locked the device on the computer the app was installed on, but not on all PC’s
      help?

    • #38373
      tturner
      Participant

      It’s not foolproof, but in the past I’ve encrypted all the free space on the drive in a truecrypt volume and left the removal tools in the unencrypted area so malware has nowhere to write to unless it overwrites existing files. Also, if you are doing your malware removal from a bootable USB where the malware isnt executing it’s probably a non-issue.

    • #38374
      awhitehatter
      Participant

      I agree, TrueCrypt is going to be your best bet in a free solution.

    • #38375
      SephStorm
      Participant

      like that idea, its pretty unique. I haven’t used TC in a while I mainly use BL. Thanks for the info. 🙂

    • #38376
      tturner
      Participant

      Here’s another great solution i had not thought of

      http://isc.sans.edu/diary/Read+only+USB+stick+trick/10588

      Use the write protect switch on SD cards (+usb sd reader) 🙂

    • #38377
      dynamik
      Participant

      Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.

      Don’t mix them up.

      Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

    • #38378
      SephStorm
      Participant

      I like the SD idea. I have a portable media reader, so even if the PC doesnt have a reader, im GTG. I have a 1GB card that should do the trick.

    • #38379
      rattis
      Participant

      @dynamik wrote:

      Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.

      Don’t mix them up.

      Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

      I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

    • #38380
      dynamik
      Participant

      @chrisj wrote:

      I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

      You’re not wiping it to prevent forensic recovery though; you’re just restoring the previous file system to prevent the auto-execution of something like switchblade or some other malware that may get on the drive during use on an untrusted system.

Viewing 8 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?