iPod Forensics & USB Storage

I recently caught someone at a client site using an iPod to pull corporate data onto it as a hard drive. This brought to mind an interesting paper on iPod forensics that I came across. It was written by Christopher V. Marsico & Marcus K. Rogers. Very much worth a read.

One thing that people can do to avoid a similar situation is to disable USB storage. This is not to say that USB will no longer work for printers, keyboards, et cetera; only the storage aspect is disabled.

Run regedit and search for the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

The key value for “Start” is set to “3”. This permits USB storage to be attached to the system in question. If this is flipped to “4”, storage devices will be disabled. Whatever you do, make a backup before attempting any registry work.
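The registry change described above, scripted in PowerShell as an added example (not code from the original post). The `-Mode` parameter and the backup directory are assumptions made for illustration; run it from an elevated prompt.

```powershell
# Added example: audit, disable or re-enable the USB storage driver (USBSTOR)
# by setting the "Start" value discussed above (3 = allowed, 4 = disabled).
# The -Mode parameter and $BackupDir location are assumptions of this sketch.
param(
    [ValidateSet('Audit', 'Disable', 'Enable')]
    [string]$Mode = 'Audit',
    [string]$BackupDir = "$env:SystemDrive\RegBackup"
)

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$RegPath = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR'
$Wanted  = @{ Disable = 4; Enable = 3 }

if (-not (Test-Path $KeyPath)) {
    throw "USBSTOR service key not found: $KeyPath"
}

# Report the current state first; Audit mode stops here and changes nothing.
$current = (Get-ItemProperty -Path $KeyPath -Name Start).Start
Write-Output "Current USBSTOR Start value: $current"
if ($Mode -eq 'Audit') { return }

$target = $Wanted[$Mode]
if ($current -eq $target) {
    Write-Output "Already set to $target; nothing to do."
    return
}

# Back up the key before touching it, and refuse to continue if that fails.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ("USBSTOR-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $RegPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed; registry not modified." }

Set-ItemProperty -Path $KeyPath -Name Start -Value $target -Type DWord

# Read the value back so a silent failure is caught immediately.
$after = (Get-ItemProperty -Path $KeyPath -Name Start).Start
if ($after -ne $target) { throw "Start is $after, expected $target." }
Write-Output "USBSTOR Start changed $current -> $after (backup: $backup)"
```

Running it with no arguments only reports the current value, which makes it usable as a periodic check that the setting has not been flipped back.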

Another Article Link


Posted by on May 1, 2006. Filed under Forensics.

5 Responses to iPod Forensics & USB Storage

  1. Pingback: Liquidmatrix Security Digest » NetworkWorld: iPods are ’security threat’

  2. Pingback: Liquidmatrix Security Digest » Consumer Devices Give Storage Admins Security Headaches

  3. Pingback: IT Security » Blog Archive » Guide to Blocking USB Devices

  4. Ian McKeag

    March 25, 2010 at 4:53 am

    This does not work for Smartphones, Blackberrys, PDAs etc…

    Will only work for USB devices whose DeviceID begins with USBSTOR. What about USB\Vol_??

  5. Dave Lewis

    March 27, 2010 at 3:25 pm

    @Ian

    That was an article from 2006. I’m afraid that will require some research to answer your question.
