Email us! Subscribe to Liquidmatrix!

iPod Forensics & USB Storage

Author: Dave Lewis
May 1, 2006 at 11:56 am · Filed under Forensics

I recently caught someone at a client site using an iPod to pull corporate data onto it as a hard drive. This brought to mind an interesting paper on iPod forensics that I came across. It was written by Christopher V. Marsico & Marcus K. Rogers. Very much worth a read. Now one thing that people can do to avoid a similar situation is to disable the USB. This is not to say that USB will no longer work for printers and keyboards et cetera. Simply the storage aspect.

Run regedit ans search for the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

The key value for “Start” is set to “3″. This permits USB storage to be attached to the system in question. If this is flipped to “4″ storage devices will be disabled. Whatever you do, make a backup before attempting any registry work.

Another Article Link

Tags: ,

Tag It: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • Fark
  • YahooMyWeb
  • Furl
  • Spurl
  • Ma.gnolia
  • NewsVine
Related Articles:

  • Consumer Devices Give Storage Admins Security Headaches
  • USB Drives Pose Insider Threat
  • NetworkWorld: iPods are ’security threat’
  • Australian Hi-Tech Crime Unit Loses Personal Details
  • Vista Will Force Need For Network Forensics

    • Liquidmatrix Security Digest » NetworkWorld: iPods are ’security threat’ said,

    April 12, 2007 @ 1:25 pm

    [...] I was really in a pinch to block iPods and USB devices from accessing corporate resources I could flip the bit in the registry. But, what does this buy you? Not a whole lot. Frankly the harder you squeeze employees the more [...]

    Liquidmatrix Security Digest » Consumer Devices Give Storage Admins Security Headaches said,

    April 18, 2008 @ 5:27 am

    [...] all that new in this article. But, it does give me an opportunity to point to this piece on the Windows registry for locking out USB storage [...]

    IT Security » Blog Archive » Guide to Blocking USB Devices said,

    April 23, 2008 @ 2:08 pm

    [...] Did you know you can block the storage devices, without blocking printers or other USB devices, by making some edits in the registry?  Here’s how, courtesy of Dave Lewis. [...]

    RSS feed for comments on this post · TrackBack URI

    Leave a Comment