Advice Request Setup for Analyzing Potentially Infected Devices?


Stretch_

Level 1
Thread author
Sep 25, 2021
23
What type of software and hardware would be recommended for a setup that is used to analyze potentially infected devices?

On a software level I am familiar with virtualization and imaging software that would likely be good to use in such an application. I am less familiar with what a good hardware recommendation would be for such an application.

In particular, preventing devices that are being analyzed from writing to the system they are connected to would be a priority. Beyond that, hardware-level issues such as BadUSB represent another threat that I am unsure of how to avoid.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
There are many tools, for example:
  1. AV Rescue Disk (like Kaspersky Rescue Disk).
  2. Sysinternals tools (like Autoruns, Process Monitor, Sysmon).
  3. Wireshark.
Also using Windows Defender Application Control (Device Guard) in Audit Mode can be very helpful:
https://posts.specterops.io/threat-...ntrol-device-guard-in-audit-mode-602b48cd1c11

For testing potentially infected devices like USB devices, it is recommended to use a special hardware environment or a separate testing computer.
 

Stretch_

Level 1
Thread author
Sep 25, 2021
23
> There are many tools, for example:
>   1. AV Rescue Disk (like Kaspersky Rescue Disk).
>   2. Sysinternals tools (like Autoruns, Process Monitor, Sysmon).
>   3. Wireshark.
> Also using Windows Defender Application Control (Device Guard) in Audit Mode can be very helpful:
> https://posts.specterops.io/threat-...ntrol-device-guard-in-audit-mode-602b48cd1c11
>
> For testing potentially infected devices like USB devices, it is recommended to use a special hardware environment or a separate testing computer.
Nice suggestions.

Has anyone developed a robust solution for testing potentially infected USB devices? In particular, something hardware-based that could add write protection and help protect against hardware-level concerns such as BadUSB?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
> Nice suggestions.
>
> Has anyone developed a robust solution for testing potentially infected USB devices? In particular, something hardware-based that could add write protection and help protect against hardware-level concerns such as BadUSB?
I am not sure if you are looking at the problem from the right side. If someone performs a BadUSB attack on your computer, the USB device will have been intentionally prepared for it. Here is an example of such an attack:
The write protection of a USB drive is not related to such attacks.

Typical USB drive infections are of another type. You can use a flash drive with a physical write-protect switch to prevent flash drive infection when connecting it to an unsafe machine.
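The two points raised in this thread (keeping an untrusted stick from writing to the analysis host, and noticing when a "storage" device also behaves like a keyboard, as in a BadUSB attack) can both be approached from the host side before a device is plugged in. The script below is an added example written for this thread; it is not code from the original posts or from Hard_Configurator. It assumes a dedicated Windows 10/11 analysis machine with an elevated PowerShell 5.1+ session. It uses the documented `StorageDevicePolicies\WriteProtect` registry policy, which makes Windows mount removable storage read-only (host-side equivalent of a physical write-protect switch; it only affects devices attached after the change), and the built-in `Get-PnpDevice` cmdlet to diff the device tree before and after attachment. Function names and the `INPUT-INTERFACE` flag are the example's own. As the thread notes, write protection does nothing against a device that presents itself as a keyboard; the snapshot diff is what surfaces that case.

```powershell
# Added example for this thread (not from the original posts or any tool named in it).
# Assumes: Windows 10/11, elevated PowerShell 5.1+, dedicated analysis box.
#Requires -RunAsAdministrator

# --- 1. Mount removable storage read-only at the host level ------------------
# WriteProtect=1 under StorageDevicePolicies makes Windows mount USB mass
# storage as read-only. It applies to devices attached after the change.
function Set-UsbStorageWriteProtect {
    param([bool]$Enabled = $true)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'WriteProtect' -Value ([int]$Enabled) -Type DWord
    # Return the value actually stored so the caller can verify it.
    (Get-ItemProperty -Path $key -Name 'WriteProtect').WriteProtect
}

# --- 2. Snapshot present USB/HID devices ------------------------------------
# A plain storage stick enumerates as storage only. If a newly attached device
# also brings up an input-class node, it is acting as a keyboard or mouse,
# which is the BadUSB behaviour described above.
function Get-UsbDeviceSnapshot {
    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -like 'USB\*' -or $_.InstanceId -like 'HID\*' } |
        Select-Object InstanceId, Class, FriendlyName, Status
}

# --- 3. Diff two snapshots and flag new input-class nodes -------------------
function Compare-UsbDeviceSnapshot {
    param(
        [Parameter(Mandatory)] $Before,
        [Parameter(Mandatory)] $After
    )
    $newIds = Compare-Object -ReferenceObject $Before -DifferenceObject $After -Property InstanceId |
        Where-Object SideIndicator -eq '=>' |
        Select-Object -ExpandProperty InstanceId
    foreach ($id in $newIds) {
        $dev = $After | Where-Object InstanceId -eq $id
        $flag = if ($dev.Class -in @('HIDClass', 'Keyboard', 'Mouse')) { 'INPUT-INTERFACE' } else { 'ok' }
        [pscustomobject]@{
            Flag       = $flag
            Class      = $dev.Class
            Name       = $dev.FriendlyName
            InstanceId = $dev.InstanceId
        }
    }
}

# --- usage -------------------------------------------------------------------
$stored = Set-UsbStorageWriteProtect -Enabled $true
Write-Host "WriteProtect policy is now $stored (1 = removable storage mounts read-only)."

$before = Get-UsbDeviceSnapshot
Read-Host 'Attach the device under test, wait a few seconds, then press Enter'
$after  = Get-UsbDeviceSnapshot

$result = Compare-UsbDeviceSnapshot -Before $before -After $after
$result | Format-Table -AutoSize

if ($result | Where-Object Flag -eq 'INPUT-INTERFACE') {
    Write-Warning 'The new device exposes a keyboard/mouse interface. Unplug it and continue the examination on isolated hardware.'
}
```

Because the diff is taken against a snapshot made just before attachment, the analysis machine's own keyboard and mouse are not reported; only nodes that appear with the device under test are. The registry policy is a convenience for the host, not a substitute for a separate test computer: a malicious device can still present any interface it likes, which is why the script treats a new input-class node as a stop condition rather than something to work around.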
 
