USB drive file access history - security

I recently forgot my USB drive at work and a colleague found it. I got the drive after 4 days. I have a feeling my colleague accessed or copied my personal files.
How can I find out?

You have no means to know whether he copied the files or not, as such auditing can be enforced only with particular domain policies on machines where users have no privileges.
For example, your coworker could have unplugged the USB stick and plugged it into his personal computer. Even worse, if he had Linux, he could have just mounted the USB stick read-only to prevent timestamp changes.
Note that on Windows you can do the same. To prevent theft, you should encrypt the USB stick.

Related

Remote Access remote pc using 2 USB

I am not sure if this is correct but I did see an advert in the newspaper about secure remote access using two usb. One USB is plugged into remote PC and the other USB plugged into the machine through which I am connecting from. It creates the secured remote access without any need of third party software like logmein or gotomyPC or any other commercial remote software.
Can anyone suggest if this is possible and if anyone is currently doing this?
There are 3 basic ways:
1. secure everything on your pc, by encrypting all files on it with USB dongle, for example GuardKey or any similar. Btw in China this method is very popular to keep files safe and no files leaking outside companies as file actions are logged (can't say what exact dongle they use);
2. make secure connection between computers by using VPN tunnel (very popular these days for users), no extra hardware needed;
3. For server is HSM (hardware security module) what can be as a box and is considered as military grade or cheaper solution USB dongle and on other end USB dongle or embedded chip capable to decrypt and crypt all in/out going data stream usually combined with KMS (key management software) what can be embedded in hardware or separate install-able.

Can I retrieve a Windows CE 6.0 image from a hardware device?

Is there a way to retrieve a Windows CE 6.0 image from a working hardware device that uses Windows CE?
This depends on the kind of device you are using.
Many x86-based devices boot from HD/CF/SSD/SD devices that are formatted as regular media devices. You can connect them from a PC and you may be able to find the boot image (you may use nk.bin or a compressed format).
But this is true only if the OEM did not put in place some measures to prevent you from doing that.
For devices that boot from flash, accessing their contents is more complicated and, in any case, device-specific. Some devices can boot in a different way, allowing you to load a firmware that is commonly used to update images; sometimes it can also recover the existing one, but it's not guaranteed.
Taken for granted that you are trying to do that for legally acceptable reasons, if you can provide a "bigger picture" description of why you need to do that, you may find alternative ways to solve your problem.
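Once a candidate file has been copied off the boot media, it can be checked against the CE .bin record layout (the B000FF signature, little-endian start and length, then address/length/checksum records). This is an added example, not part of the original answer; the sample image is constructed.

```python
import struct

SIGNATURE = b"B000FF\n"  # 7-byte marker that opens a CE .bin image


def parse_ce_bin(blob):
    """Return (image_start, image_length, entry_point, records).

    records is a list of (address, length, checksum_ok) tuples.
    """
    if blob[:7] != SIGNATURE:
        raise ValueError("not a Windows CE .bin image")
    image_start, image_length = struct.unpack_from("<II", blob, 7)
    pos, records = 15, []
    while pos + 12 <= len(blob):
        addr, length, checksum = struct.unpack_from("<III", blob, pos)
        pos += 12
        if addr == 0 and checksum == 0:
            # Terminating record: its length field carries the entry point.
            return image_start, image_length, length, records
        data = blob[pos:pos + length]
        if len(data) != length:
            raise ValueError("record at 0x%08x is truncated" % addr)
        # The record checksum is the 32-bit sum of the record's bytes.
        records.append((addr, length, (sum(data) & 0xFFFFFFFF) == checksum))
        pos += length
    raise ValueError("image ends without a terminating record")


def build_sample():
    """Constructed two-record image (not taken from any real device)."""
    start, chunks = 0x80001000, [b"\x01\x02\x03\x04", b"\xff\xff\x10"]
    out = SIGNATURE + struct.pack("<II", start, 7)
    addr = start
    for chunk in chunks:
        out += struct.pack("<III", addr, len(chunk), sum(chunk)) + chunk
        addr += len(chunk)
    return out + struct.pack("<III", 0, start, 0)


if __name__ == "__main__":
    start, size, entry, recs = parse_ce_bin(build_sample())
    print("start=0x%08x size=%d entry=0x%08x" % (start, size, entry))
    for addr, length, ok in recs:
        state = "ok" if ok else "BAD"
        print("  0x%08x %5d bytes checksum %s" % (addr, length, state))
```

A file that fails the signature check may still be the image in a compressed form, as the answer notes; this parser only recognises the uncompressed record format.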

Mounting a read only drive as write

I have a special bespoke device with a USB interface. When plugging in the device to my laptop - Ubuntu 12.04 it mounts as a read only USB drive - with a file on it. This file is created by the device and writes to the file when the device scans stuff.
I however, want to be able to write to the drive so the device 'thinks' it has already scanned x amount of entries.
Basically I want to replace the file 'File1.txt' with my version of 'File1.txt'; however, I cannot because the drive is mounting as read-only.
I have tried the following commands:
andy@andy-ThinkPad-W530:/media/iRead$ touch giveme.txt
touch: cannot touch `giveme.txt': Read-only file system
andy@andy-ThinkPad-W530:/media/iRead$ sudo mount -o remount,rw '/media/iRead'
[sudo] password for andy:
mount: cannot remount block device /dev/sdb read-write, is write-protected
andy@andy-ThinkPad-W530:/media/iRead$
Can anybody suggest anything I can try to mount this as writable drive?
I have a very strong feeling that the chip which is storing this data is the following:
ARM STM32F103 RBT6 22oUP _ 93 MLT22950
Hope this helps somebody to help me!
If processing write commands coming from USB wasn't part of the requirements, it's very unlikely that the device processes write commands.
A read-only USB mass storage device is not a read-write mass storage device with write-protection slapped on top. It's a USB device that doesn't have logic for understanding write requests at all.
After the device is finished and delivered is a little late for deciding "I want to be able to write to the drive so the device 'thinks' it has already scanned x amount of entries."
Of course the flash memory used inside the device is written during its operation. But the way data is stored inside might not look anything like its USB presentation, and the conversion is most likely one-way only.
Since the developer probably did not implement mass storage support from scratch, and the library they used probably has write support, they may be able to easily supply you with firmware modified to be writable and do something with the written data. But without changing the firmware, you get nowhere.

How to intercept data sent to a USB flash drive in the Linux kernel?

Where in the Linux kernel source code can I find the function(s) that deal with sending data to a USB flash drive? By "data", I mean the actual file contents. For example, when I drag and drop "Report.docx" to the USB thumb drive, I need to be able to intercept this data to the point where I could modify the contents of the file before it is written to the USB thumb drive.
I understand that the USB storage module (drivers/usb/storage) is where USB mass storage devices like thumb drives are handled, but I failed to find the right place to look. I looked around transfer.c but my debugging attempts just show the functions get called whether or not I'm transferring any files. Also, from my understanding, everything is done with URBs and I'm not clear on how to deal with those. Am I looking in the right place?
For the purposes of my project, I need to modify the driver (not using any third-party libraries or user-space code). I am working with Linux 3.12.0.
Not an expert in usb subsystem, but I would start by looking at
drivers/usb/storage/transport.c::usb_stor_bulk_transfer_buf()

Detect a cryptofs device or partition

I'm trying to develop an automount for cryptofs encrypted devices/partitions. The thing is that I don't have experience in the low level layer of Linux.
Is there any way I can detect when a cryptofs device or partition has been inserted in the system? (e.g. when you insert a dongle with a regular partition and an encrypted one)
Never tried but I would follow this approach:
In Linux, plug and play is handled by hal and/or udev. hal is a bit older and most of the recent distributions use udev.
You can start looking into "libudev". Using the libudev APIs you will be able to get information about connected devices.
This should help: http://www.signal11.us/oss/udev/
After that, open the device and start reading the filesystem information and figure out if it is cryptofs.
See, if this answer helps: How to programmatically discover the filesystem without mounting the device (like "fdisk -l")
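The "open the device and read the filesystem information" step can be done by checking on-disk signatures without mounting anything. This is an added example, not code from the original answer; it assumes "cryptofs" means a LUKS (dm-crypt) container, and the two-partition dongle is constructed sample data.

```python
import io
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"    # first 6 bytes of a LUKS1/LUKS2 header
EXT_MAGIC_OFFSET = 1024 + 56     # s_magic field inside the ext2/3/4 superblock
EXT_MAGIC = 0xEF53


def probe(stream):
    """Classify a partition from its first 2 KiB, without mounting it."""
    head = stream.read(2048)
    if len(head) >= 8 and head[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", head[6:8])  # big-endian version
        return "luks%d" % version
    if len(head) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", head, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return "ext"
    return "unknown"


def probe_device(path):
    """Probe a real block device node; needs read permission on it."""
    with open(path, "rb") as dev:
        return probe(dev)


def encrypted_partitions(partitions):
    """partitions maps a name to a readable binary stream."""
    return sorted(name for name, stream in partitions.items()
                  if probe(stream).startswith("luks"))


def sample_dongle():
    """Constructed dongle: one plain ext partition, one LUKS2 partition."""
    plain = bytearray(2048)
    struct.pack_into("<H", plain, EXT_MAGIC_OFFSET, EXT_MAGIC)
    luks = LUKS_MAGIC + struct.pack(">H", 2) + bytes(2040)
    return {"sdb1": io.BytesIO(bytes(plain)), "sdb2": io.BytesIO(luks)}


if __name__ == "__main__":
    for name, stream in sorted(sample_dongle().items()):
        print(name, probe(stream))
    print("encrypted:", encrypted_partitions(sample_dongle()))
```

In an automounter, probe_device would be called with the device node reported by the udev "add" event for each new partition.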
