
Peripheral devices forensic analysis

4 Posts
4 Users
0 Likes
3,617 Views
(@ihabm)
Posts: 5
Active Member
Topic starter
 

Hello,

I would like to ask how I could do a forensic analysis of peripheral devices. If malware can get persistence by infecting a monitor, keyboard or mouse, how could I analyse this?

Thanks

 

 
Posted : 23/02/2021 9:08 am
(@neeru)
Posts: 8
Active Member
 

Analysis of logs from peripheral devices could throw some light on the protocol used for transmission and IP address details. Further analysis of process logs in the affected systems could throw some light on the process or application exploited by the malware.

 
Posted : 28/04/2021 11:10 am
(@c-r-s)
Posts: 170
Estimable Member
 

If there is no first-hand evidence for a particular activity in host logs or from sniffing the device's communication, you'd usually go for a comparison of internal storage with known good samples. It also helps to get as much vendor knowledge as possible, obtain and reverse engineer firmware, updaters, device drivers...

 
Posted : 30/04/2021 8:32 pm
Passmark
(@passmark)
Posts: 376
Reputable Member
 

Anything with software / firmware could potentially host malware and more advanced keyboards and mice certainly have firmware in them.

In practice, however, devices like keyboards and mice are programmed in the factory as the PCB (Printed Circuit Board) is being made. A device like a JTAG programmer is often used for programming and the only way to update the programming is with physical access to the PCB and the right tools. There are some exceptions to this however, where firmware updates can take place in the field. Here is an example of open source keyboard firmware.

you'd usually go for a comparison of internal storage with known good samples

+1

 
Posted : 03/05/2021 4:30 am
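
The comparison of internal storage with a known good sample that two of the replies above recommend, as an added example that is not part of any post in this thread. It assumes a raw dump of the device's flash and a reference image from the vendor or an identical clean device are already in hand; the block size, the 0xFF erased value and the sample bytes are constructed assumptions.

```python
import hashlib

ERASED = 0xFF   # value of unprogrammed NOR flash cells (assumption; check the part)
BLOCK = 256     # comparison granularity in bytes (assumption; use the page size)

def pad(image: bytes, length: int) -> bytes:
    """Pad an image with erased bytes: a chip dump is often larger than the vendor file."""
    return image + bytes([ERASED]) * (length - len(image))

def diff_regions(dump: bytes, ref: bytes, block: int = BLOCK):
    """Return merged (start, end) ranges in which two equal-length images differ."""
    regions = []
    for off in range(0, len(dump), block):
        if dump[off:off + block] == ref[off:off + block]:
            continue
        end = min(off + block, len(dump))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the adjacent region
        else:
            regions.append((off, end))
    return regions

def compare(dump: bytes, reference: bytes, block: int = BLOCK):
    """List every region of the dump that does not match the known good image."""
    length = max(len(dump), len(reference))
    d, r = pad(dump, length), pad(reference, length)
    findings = []
    for start, end in diff_regions(d, r, block):
        ref_empty = all(b == ERASED for b in r[start:end])
        findings.append({
            "start": start, "end": end,
            "kind": "data where reference is empty" if ref_empty else "content modified",
            "sha256": hashlib.sha256(d[start:end]).hexdigest(),  # for the case notes
        })
    return findings

# Constructed sample: 512 bytes of "code" followed by 512 erased bytes.
REFERENCE = bytes(range(256)) * 2 + b"\xff" * 512
# Constructed 2 KiB chip dump of the same image with two changes.
_dump = bytearray(pad(REFERENCE, 2048))
_dump[0x100:0x104] = b"\x90\x90\x90\x90"      # altered bytes inside the code area
_dump[0x300:0x310] = b"constructed-blob"      # data in a normally empty area
DUMP = bytes(_dump)

if __name__ == "__main__":
    for f in compare(DUMP, REFERENCE):
        print(f"0x{f['start']:06x}-0x{f['end']:06x}  {f['kind']}  sha256={f['sha256'][:16]}")
```

Regions flagged as data where the reference is empty deserve the first look, but configuration and calibration areas legitimately differ between units, so a second clean device of the same model helps separate those from real changes.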