iPod Forensics & USB Storage

3

Author: Dave Lewis

I recently caught someone at a client site using an iPod to pull corporate data onto it as a hard drive. This brought to mind an interesting paper on iPod forensics that I came across. It was written by Christopher V. Marsico & Marcus K. Rogers. Very much worth a read. Now one thing that people can do to avoid a similar situation is to disable the USB. This is not to say that USB will no longer work for printers and keyboards et cetera. Simply the storage aspect.

Run regedit ans search for the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

The key value for “Start” is set to “3″. This permits USB storage to be attached to the system in question. If this is flipped to “4″ storage devices will be disabled. Whatever you do, make a backup before attempting any registry work.

Another Article Link

Tags: ,

Tag It:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • NewsVine
  • LinkedIn
  • TwitThis
  • Facebook
  • Live

Comments

3 Responses to “iPod Forensics & USB Storage”

Trackbacks

Check out what others are saying about this post...
  1. [...] I was really in a pinch to block iPods and USB devices from accessing corporate resources I could flip the bit in the registry. But, what does this buy you? Not a whole lot. Frankly the harder you squeeze employees the more [...]

  2. [...] all that new in this article. But, it does give me an opportunity to point to this piece on the Windows registry for locking out USB storage [...]

  3. [...] Did you know you can block the storage devices, without blocking printers or other USB devices, by making some edits in the registry?  Here’s how, courtesy of Dave Lewis. [...]



Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!