Phillip H. Zakas[SMTP:[EMAIL PROTECTED]]
Variola quotes from an article:
Occasionally a new piece of hardware comes along that initially stumps
investigators.
Stenhouse mentions one of the newer Thumb Drives. There's one that
requires a thumbprint
onto the Thumb Drive itself. They have a pad where you actually have
to
put your thumb on
it when you plug it in. Well, right now if you gave me one I would
have
to ponder how to
forensically gather the data off it.
Tydlaska (the one quoted above) is either misquoted or misinformed.
www.thumbdrive.com plainly shows a thumbprint is not used by the drive
at all. The 'secure' version prompts a user for a password to access a
thumb drive folder, but doesn't tie into any form of biometrics. As for
a forensic copy, a memory dump to RAM then back to another thumb drive
might be possible, but this would require special software (not
difficult to produce.)
phillip
Actually, if Mr. Tydlaska bothered to read the docs, he'd find that the
manufacturer can recover data off of the the 'secure' Thumbdrive even
in the absence of the password. It's clear that the pw is an access
control - the data is not encrypted.
As Phillip points out, there is no biometric on the device. I have seen
some things which come close - the BioSimKey and the Sony Puppy
(which has a Memory Stick version). I've also seed PCMCIA cards
with built in fingerprint readers. Ideally, you'd want a smartcard with
a built in reader, but so far these are vaporware (though we're getting
close).
I have seen hard drives which do sector level encryption, and hook into
the bios so that the pw request happens before any system sw runs.
This is a good solution (modulo bios hacking), but the USB dongle
gadgets have the advantage that you take them with you -
especially if your house and/or car keys are attached.
Encrypted files on a portable device that you keep with you would
seem to be the best of all worlds.
Peter Trei
