Do you have a USB drive loaded with your favorite tools? What is your setup?

Do you have a USB drive loaded with your favorite tools? What is your setup? Personally, I have a 64GB flash drive with a few partitions in it.

I have one partition with all my Windows-based tools and the remainder of the free space from the other partitions.

In my other partitions I have everything from Linux boot disks (Tinycore, DEFT, Kali, WinFE << awesome for those who are just learning forensics OR want a bootable Windows installation with programs already in it).

On another partition I have some bootable tools like:

  • Hiren's Boot CD,
  • SpinRite,
  • Windows 7 AIO Installer Disc (x86/64, all versions w/ N and Enterprise),
  • Win XP AIO x86/64 Installer Disc (I know, but it does recovery console too and we have some production floor machines (literally printing presses and punch machines and things like that) that still run it),
  • (Working on making Win 8 and 8.1 AIO Installers)

And I put those in the last partition (Hiren's to Windows AIO Installers) all on one partition using YUMI.

What are your favorite tools to bring with you?

  • You folks are (maybe?) pretty lucky to have those tools on a thumb drive, which can be used on demand.

    My company doesn't allow USB sticks or access to USB drive slots unless the drive is formatted and encrypted via Credant.  That way we keep folks aware of the risks associated with picking up a stray USB and jacking it into a network computer, and spreading a virus.

    It also keeps sensitive data safe--first off by keeping it off thumb sticks, and second off by encrypting them with Credant.  That second option's important since some VIPs have rights to use the USB drives.

    Credant allows the encryption & reading of those thumb sticks, thus helping us keep sensitive data safe.

    Instead of a thumb drive, I keep many of those tools listed in a network share, and also on my laptop in an encrypted SSD.  If I lose the laptop, I don't worry about the data in it.  If I'm at a site without that laptop, I've got the tools on the network.

    Yes, there'll be exceptions, cases where I may not have the access to tools that a thumb drive would provide.  But we keep more secure without those drives, and I just keep an eye on my laptop, keeping it safe so I can rely on it in case a site's WAN should fail and I have to go onsite where there's no access to the network share.

    It's not the only way to go, just "A" way.  There are others that probably work perfectly for other companies.  Credant's the way we went, no voting on it was allowed--IT Security mandated it, that's good enough for me.

  • I presume you have BIOS locks and technical policy restrictions in place, or is this just a written-down policy? The tools listed in the first post could be deployed before any group policy is installed.

    As we're in the network team we don't have a lot of call for USB rescue aside from router configs and firmware.

  • Yep, everything is locked down in A/C, BIOS--AND in corporate policy.  Users can't, and aren't allowed, access to removable drives without corporate permission and configuration changes on their accounts.

  • In a previous role we had the same setup and found people were more likely to use a random cloud service to share the large files instead; as a result we had to invest in much better internet monitoring.

  • It's always something.