- This topic has 8 replies, 5 voices, and was last updated 9 years, 9 months ago by
dynamik.
February 24, 2011 at 9:02 am #6121
SephStorm
Participant
I have a USB device I want to use purely for malware removal from infected systems. However, obviously I am worried about infections jumping from one computer to another, or to my machine when I need to update them. I did a Google search, but I was unable to find a free program that meets my needs. The ones I did see supposedly locked the device on the computer the app was installed on, but not on all PCs.
Help?
-
February 24, 2011 at 11:46 am #38373
tturner
Participant
It’s not foolproof, but in the past I’ve encrypted all the free space on the drive in a TrueCrypt volume and left the removal tools in the unencrypted area, so malware has nowhere to write to unless it overwrites existing files. Also, if you are doing your malware removal from a bootable USB where the malware isn’t executing, it’s probably a non-issue.
-
February 24, 2011 at 3:53 pm #38374
awhitehatter
Participant
I agree, TrueCrypt is going to be your best bet in a free solution.
-
February 24, 2011 at 7:27 pm #38375
SephStorm
Participant
Like that idea, it’s pretty unique. I haven’t used TC in a while; I mainly use BL. Thanks for the info. 🙂
-
March 24, 2011 at 3:49 pm #38376
tturner
Participant
Here’s another great solution I had not thought of:
http://isc.sans.edu/diary/Read+only+USB+stick+trick/10588
Use the write-protect switch on SD cards (+ USB SD reader) 🙂
-
March 31, 2011 at 3:13 am #38377
dynamik
Participant
Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.
Don’t mix them up.
Alternatively, save the image somewhere else if you want to get by with a single thumb drive.
-
March 31, 2011 at 3:28 am #38378
SephStorm
Participant
I like the SD idea. I have a portable media reader, so even if the PC doesn’t have a reader, I’m GTG. I have a 1GB card that should do the trick.
-
March 31, 2011 at 2:52 pm #38379
rattis
Participant
@dynamik wrote:
> Use two thumb drives. Use one as the clean/original copy and the other as the one that is actively used. Boot from a live CD and dd from clean to used after each use.
> Don’t mix them up.
> Alternatively, save the image somewhere else if you want to get by with a single thumb drive.

I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.
-
April 1, 2011 at 2:09 am #38380
dynamik
Participant
@chrisj wrote:
> I like the live-cd + saved image idea, but I wonder how that works after learning how hard it is to wipe a USB.

You’re not wiping it to prevent forensic recovery though; you’re just restoring the previous file system to prevent the auto-execution of something like switchblade or some other malware that may get on the drive during use on an untrusted system.
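
The restore-from-image routine discussed in the posts above, as an added example that is not part of the original thread: it checks whether the working drive changed during use, writes the saved clean image back, and confirms the result by hash. The script name, the function names and the `/dev/sdX` target are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). $1 is the saved clean image; $2 is the
# working drive, e.g. its raw device node as seen from the live environment.

# SHA-256 of the first $2 bytes of a file or block device.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Exit 0 if the drive is byte-identical to the image over the image's length.
# Bytes on the drive past the end of the image are not covered, so take the
# image from the whole clean drive, not from a single partition.
drive_matches_image() {
    [ -s "$1" ] || return 2                 # image missing or empty
    dm_size=$(($(wc -c < "$1")))
    [ "$(hash_prefix "$1" "$dm_size")" = "$(hash_prefix "$2" "$dm_size")" ]
}

# Report whether the drive changed during use, write the image back,
# flush it to the media, then confirm the restore by re-hashing.
restore_drive() {
    [ -s "$1" ] || { echo "no usable image: $1" >&2; return 2; }
    if drive_matches_image "$1" "$2"; then
        echo "unchanged: $2 matches $1"
    else
        echo "MODIFIED: $2 differs from $1 (something wrote to it)"
    fi
    dd if="$1" of="$2" bs=1048576 conv=notrunc 2>/dev/null || return 1
    sync
    drive_matches_image "$1" "$2"
}

# Usage (hypothetical names): sh restore.sh clean.img /dev/sdX
if [ "$#" -eq 2 ]; then
    restore_drive "$1" "$2"
fi
```

A read-back immediately after the write can be served from the operating system's cache; unplugging and re-inserting the drive before a final `drive_matches_image` check reads the media itself.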