> Phillip H. Zakas[SMTP:[EMAIL PROTECTED]] > > > > Variola quotes from an article: > > > > Occasionally a new piece of hardware comes along that initially stumps > > investigators. > > Stenhouse mentions one of the newer Thumb Drives. "There's one that > > requires a thumbprint > > onto the Thumb Drive itself. They have a pad where you actually have > to > > put your thumb on > > it when you plug it in. Well, right now if you gave me one I would > have > > to ponder how to > > forensically gather the data off it." > > Tydlaska (the one quoted above) is either misquoted or misinformed. > www.thumbdrive.com plainly shows a thumbprint is not used by the drive > at all. The 'secure' version prompts a user for a password to access a > thumb drive folder, but doesn't tie into any form of biometrics. As for > a forensic copy, a memory dump to RAM then back to another thumb drive > might be possible, but this would require special software (not > difficult to produce.) > > phillip > Actually, if Mr. Tydlaska bothered to read the docs, he'd find that the manufacturer can recover data off of the the 'secure' Thumbdrive even in the absence of the password. It's clear that the pw is an access control - the data is not encrypted.
As Phillip points out, there is no biometric on the device. I have seen some things which come close - the BioSimKey and the Sony Puppy (which has a Memory Stick version). I've also seed PCMCIA cards with built in fingerprint readers. Ideally, you'd want a smartcard with a built in reader, but so far these are vaporware (though we're getting close). I have seen hard drives which do sector level encryption, and hook into the bios so that the pw request happens before any system sw runs. This is a good solution (modulo bios hacking), but the USB dongle gadgets have the advantage that you take them with you - especially if your house and/or car keys are attached. Encrypted files on a portable device that you keep with you would seem to be the best of all worlds. Peter Trei
