1.14. Evidence Acquisition: USB

Universal Serial Bus (USB) is the most popular interface for connecting many different devices to a computer.

It is cross-platform, hot-swappable, and plug-and-play.

USB Insecurity

  • A UK policeman lost a memory stick containing terrorist cell information.
  • A New Zealand resident bought an MP3 player that contained US military data.
  • A security investigator dropped 20 USB drives containing Trojans in a company’s car park. 15 of them were plugged into the company’s computers.
  • A Countrywide employee was able to steal up to 20,000 records at a time by copying network files to a USB drive over a period of two years.

USB Security

  • Secure all data on the drive by using a strong encryption algorithm (such as AES-256)
  • Use a secure delete utility to remove data from the USB
  • Disable Autorun and Autoplay on Windows
  • Scan USB drives that are connected to the computer

USB Forensics

  • Find deleted, undeleted, and carved data
  • Investigate the USB device history
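
One way to start on the device-history step, as an added example that is not part of the original notes: a parser that pulls USB mass-storage install records out of a Windows setupapi.dev.log. The log layout, the USBSTOR instance-ID format and the function name usb_history are assumptions not stated in the notes, and the sample log lines are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the layout of Windows' setupapi.dev.log (not real evidence).
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001230101112233&0]
>>>  Section start 2024/03/02 09:14:27.310
     dvi: {Build Driver List} 09:14:27.335
<<<  Section end 2024/03/02 09:14:28.102
<<<  [Exit status: SUCCESS]

>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a7c1e5b&0]
>>>  Section start 2024/03/05 17:42:03.004
<<<  Section end 2024/03/05 17:42:03.870
<<<  [Exit status: SUCCESS]
"""

HEADER = re.compile(
    r"^>>>\s+\[Device Install \(Hardware initiated\) - "
    r"USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\]]+)\]")
START = re.compile(r"^>>>\s+Section start (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3})")

def usb_history(log_text):
    """Return one record per USB storage install section, in log order."""
    records, pending = [], None
    for line in log_text.splitlines():
        if re.match(r"^>>>\s+\[", line):
            m = HEADER.match(line)
            pending = m.groupdict() if m else None  # ignore non-USBSTOR sections
            continue
        m = START.match(line)
        if m and pending:
            instance = pending.pop("instance")
            # A '&' as the second character means the device reported no serial
            # number and Windows generated the instance ID itself.
            pending["serial"] = instance.rsplit("&", 1)[0]
            pending["unique_serial"] = instance[1:2] != "&"
            # The log records the examined machine's local time, not UTC.
            pending["section_start_local"] = datetime.strptime(
                m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            records.append(pending)
            pending = None
    return records

if __name__ == "__main__":
    for record in usb_history(SAMPLE_LOG):
        print(record)
```

Run it against a copy of the log taken from the forensic image rather than the live system, and treat the earliest section for a given serial as that device's first install on the machine.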

© 2024 Ryan Bester & Collaborators