Forensic Detection of External Drives
A problem facing corporate security staff in the beginning of the 21st century is data leakage. Employees intentionally or unintentionally storing data on external drives and removing them from the premises is an issue. Forensic detection of these external hard drives requires specialized software utilities.
Other People Are Reading
-
Detection Software
-
Integrity software provides one method of detecting external hard drives. In Microsoft Windows, for example, when a USB drive or external hard drive is connected, the operating system detects this activity and makes several changes to the registry. Many file and registry integrity applications will detect and report on this activity and store this information for forensic purposes.
Logging Software
-
At the same time, the operating system stores this information in its logs. Logging applications collect and store this data. An IT security examiner reviews this forensic data for unusual activity, such as the connection of an unauthorized external drive to the system.
-
Data Leak Prevention Software
-
In addition to detecting users leaking data through email, websites or other mediums, data leak prevention software detects and enforces USB drive policies. Some applications lock down USB ports to prevent external drives from being used; others allow usage but track activity.
-
References
- Help Net Security: The Right Formula for Data Leak Protection; Nick Lowe; September 2007
- Tripwire: Tripwire Enterprise Delivers IT Compliance and Data Protection
- Splunk: Operational Intelligence, Log Management, Application Management, Security and Compliance
- DeviceLock: Endpoint Data Leak Prevention (DLP)
- Photo Credit Jupiterimages/Photos.com/Getty Images
