I'm looking for something in writing that talks about testing the registry edit that blocks writing to USB devices. I've done some minimal testing on it myself and found it, thus far, to be effective, but I haven't done any extensive testing.
Anybody know of any reports or thorough testing that has been documented on this ?????
Thanks.
I'd also be extremely interested in this to see if my in-house testing matches others.
I'm wondering if a piece of software akin to http//
It might help to see the process that you guys have followed already…
It might help to see the process that you guys have followed already…
I'm going to do this from memory because I dont have my notes with me.
1. Wipe a CF Card with 0's
2. Format
3. Hash with no write block
4. Remove card - reboot computer - put card back in and hash again
4a. note - hash was same as #3
5. Add text file
6. Hash
6a. note- hash obviously changed here
7. Remove card
8. Apply registry write block
9. put card back in and hash - no change from #6 hash
9a. remove card and replace
9b. hash - no change from #6 hash
10. Try to delete text file (failed)
11. Hash - no change from #6 hash
12. Try to create new text file (failed)
13. Hash - no change from #6 hash
14. Try to paste text file into CF card (failed)
15. Hash - no change from #6 hash
16. Copy text file from CF card to C drive (worked)
17 Hash - no change from #6 hash
I did the same create/copy/paste without the registry modification too. I'm sure I missed some steps, but for the most part you get the idea. After the registry write mod, there were no hash changes.
Any suggestions? I just downloaded a copy of the NIST recommendations for testing software write blockers. I'm going to pour over that in the next couple of weeks, but I was looking for anything written where someone has already tested it and what their results were.