Subscribe to Liquidmatrix Security DigestNews FeedSubscribe to Liquidmatrix Security DigestComments

Browse > Home / Forensics / iPod Forensics & USB Storage

iPod Forensics & USB Storage

3

Author: Dave Lewis

I recently caught someone at a client site using an iPod to pull corporate data onto it as a hard drive. This brought to mind an interesting paper on iPod forensics that I came across. It was written by Christopher V. Marsico & Marcus K. Rogers. Very much worth a read. Now one thing that people can do to avoid a similar situation is to disable the USB. This is not to say that USB will no longer work for printers and keyboards et cetera. Simply the storage aspect.

Run regedit ans search for the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

The key value for “Start” is set to “3″. This permits USB storage to be attached to the system in question. If this is flipped to “4″ storage devices will be disabled. Whatever you do, make a backup before attempting any registry work.

Another Article Link

Tags: ,

Tag It:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • NewsVine
  • LinkedIn
  • TwitThis
  • Facebook
  • Live

Posted by Dave Lewis on Monday, May 1, 2006 at 11:56 am 
Filed under Forensics · Tagged with


Comments

3 Responses to “iPod Forensics & USB Storage”

Trackbacks

Check out what others are saying about this post...
  1. Liquidmatrix Security Digest » NetworkWorld: iPods are ’security threat’ says:
    April 12, 2007 at 1:25 pm

    [...] I was really in a pinch to block iPods and USB devices from accessing corporate resources I could flip the bit in the registry. But, what does this buy you? Not a whole lot. Frankly the harder you squeeze employees the more [...]

  2. Liquidmatrix Security Digest » Consumer Devices Give Storage Admins Security Headaches says:
    April 18, 2008 at 5:27 am

    [...] all that new in this article. But, it does give me an opportunity to point to this piece on the Windows registry for locking out USB storage [...]

  3. IT Security » Blog Archive » Guide to Blocking USB Devices says:
    April 23, 2008 at 2:08 pm

    [...] Did you know you can block the storage devices, without blocking printers or other USB devices, by making some edits in the registry?  Here’s how, courtesy of Dave Lewis. [...]



Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!