Full Disclosure mailing list archives
Re: Microsoft device helps police pluck evidencefrom cyberscene of crime
From: "Rob Thompson" <my.security.lists () gmail com>
Date: Wed, 30 Apr 2008 14:17:48 -0700
On Wed, Apr 30, 2008 at 11:25 AM, Fetch, Brandon <bfetch () tpg com> wrote:
I'd be more curious what the requirements are on the host machine.
From what I have read, which isn't _too_ much...
It needs Windows. I'd assume 2000 and forward... But that's an assumption. It just makes sense when I think of the security of the OS's - that that's what it'd be...
Meaning if you disable autorun on all USB/Firewire/"hot-plug" devices does it potentially eliminate this threat?
I doubt it. They probably have something coded into the device that works with something "special" within Windows. But again, just an assumption. I haven't gotten my paws on one of these yet. Though I'm sure that it you look hard enough, it can be found.
Yes, rebooting from the USB key will obviate any Windows policies/settings but the goal seems to stem from getting "live" data from the system while it's running.
Yes, so from what I've read. It sounds like, the box is running. All that you do, is plug this device in, it does the rest for you. You just sit there like a good little monkey and wait till it's done. I am thinking that this device is going to be akin to the CD-rom that you could use that had the autorun setup that would disable a password protected screen saver in Windows 9x. Basically, walk up to any machine, pop in the disk, wait a minute and POOF, all done. What is really baking my noodle though - how do we protect ourselves from these? Because, one pissed off employee with one of these things could put an organization into some deep crap, real quick like... We really need more information on these devices...
-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Rob Thompson Sent: Wednesday, April 30, 2008 1:21 PM To: reepex Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Microsoft device helps police pluck evidencefrom cyberscene of crime On Tue, Apr 29, 2008 at 8:35 PM, reepex <reepex () gmail com> wrote:you are a retard.As are you, re-read the article...its for live memory analysis on a running machine. not anything like a bootable Live Cd.It doesn't only read memory. It does other things as well... But not quite like a bootable CD either...On Tue, Apr 29, 2008 at 8:41 PM, Peter Besenbruch <prb () lava net>wrote:On Tuesday 29 April 2008 14:31:18 Ivan . wrote:http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.htm lIt looks like the Microsoft version of a Knoppix disk. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- Rob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This message is intended only for the person(s) to which it is addressed and may contain privileged, confidential and/or insider information. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Any disclosure, copying, distribution, or the taking of any action concerning the contents of this message and any attachment(s) by anyone other than the named recipient(s) is strictly prohibited.
-- Rob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft device helps police pluck evidence from cyberscene of crime Ivan . (Apr 29)
- Re: Microsoft device helps police pluck evidence from cyberscene of crime Peter Besenbruch (Apr 29)
- Re: Microsoft device helps police pluck evidence from cyberscene of crime reepex (Apr 29)
- Re: Microsoft device helps police pluck evidence from cyberscene of crime Rob Thompson (Apr 30)
- Re: Microsoft device helps police pluck evidencefrom cyberscene of crime Fetch, Brandon (Apr 30)
- Re: Microsoft device helps police pluck evidencefrom cyberscene of crime Rob Thompson (Apr 30)
- Re: Microsoft device helps police pluck evidencefrom cyberscene of crime Michael Neal Vasquez (Apr 30)
- Re: Microsoft device helps police pluck evidencefrom cyberscene of crime coderman (Apr 30)
- Re: Microsoft device helps police pluck evidencefrom cyberscene of crime Ivan . (Apr 30)
- Re: Microsoft device helps police pluck evidence from cyberscene of crime reepex (Apr 29)
- Re: Microsoft device helps police pluck evidence from cyberscene of crime Peter Besenbruch (Apr 29)