I recently caught someone at a client site using an iPod as a hard drive to pull corporate data onto it. This brought to mind an interesting paper on iPod forensics that I came across, written by Christopher V. Marsico and Marcus K. Rogers. It is very much worth a read. One thing people can do to avoid a similar situation is to disable USB storage. This does not mean that USB will stop working for printers, keyboards, et cetera; only the storage aspect is disabled.

Run regedit and search for the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

The “Start” value under this key is set to “3”, which permits USB storage to be attached to the system in question. If this is flipped to “4”, storage devices will be disabled. Whatever you do, make a backup before attempting any registry work.
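
The registry change described above, as an added PowerShell example (not part of the original post): it backs up the USBSTOR key, sets Start to 4, and reads the value back to confirm the write. The backup location under %TEMP% and the function names are assumptions chosen for illustration.

```powershell
# Added example: audit and disable the USB mass-storage driver (USBSTOR).
# Run from an elevated PowerShell prompt. Backup path and function names are assumptions.
#Requires -RunAsAdministrator

$KeyPath    = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'   # PowerShell provider path
$RegExePath = 'HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR'    # same key, reg.exe syntax
$BackupFile = Join-Path $env:TEMP ("USBSTOR-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

function Get-UsbStorStart {
    # Returns the current Start value (3 = storage permitted, 4 = disabled).
    (Get-ItemProperty -Path $KeyPath -Name Start -ErrorAction Stop).Start
}

function Disable-UsbStorage {
    $current = Get-UsbStorStart
    Write-Output "Current USBSTOR Start value: $current"
    if ($current -eq 4) {
        Write-Output 'USB storage is already disabled; nothing to change.'
        return
    }

    # Back up the key first, as the post advises.
    & reg.exe export $RegExePath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; registry left unchanged.' }
    Write-Output "Backup written to $BackupFile"

    Set-ItemProperty -Path $KeyPath -Name Start -Value 4 -Type DWord

    # Read the value back so a silent failure is not mistaken for success.
    $after = Get-UsbStorStart
    if ($after -ne 4) { throw "Start is $after after the write; expected 4." }
    Write-Output 'USBSTOR Start set to 4: USB storage devices are disabled.'
}

Disable-UsbStorage
```

To undo the change, import the backup file with `reg.exe import` or set Start back to 3.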


Comments

  1. This does not work for Smartphones, Blackberrys, PDAs etc…

    Will only work for USB devices whose DeviceID begins with USBSTOR. What about USB\Vol_??
