Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Abstract

The use of the USB storage device, also known as the USB drive, a thumb drive, a keychain drive and a flash drive has, for the most part, replaced the floppy disk and to some extent the Compact Disk (CD), the DVD (Digital Video Disk or Digital Versatile Disk) and the external hard disk. Their robustness, size and weight make them easy to transport, but also to lose or misplace. They are inexpensive and are often given away as promotional items by organisations. Over the last few years there has been a dramatic increase in the storage capacity of these devices, going from a few tens of megabytes to a current capacity of around 64 gigabytes (equal to around 13 DVDs). The larger capacity and continued low cost has vastly increased the potential uses of the devices and also the volumes and types of data that they may contain. There have been four annual studies carried out by the same research group to look at the level of data remaining on second hand computer hard disks and one study looking at data remaining on hand held mobile devices such as mobile (cell) phones and RIM Blackberry devices. With the increasingly common use of the USB Storage device as a means of transferring and transporting data, coupled with the increasing storage capacity and decreasing cost, it was felt that the research should be extended to include the examination of USB storage devices to determine the level of threat they may pose. The purpose of the research has been to gain an understanding of the information that remains on the USB storage devices and to determine the level of damage that could, potentially, be caused if that information fell into the wrong hands. The study examined USB storage devices that had been obtained in the UK to determine whether the way that the disposal of USB storage devices is addressed achieved the desired result, to determine the level of information remaining on the devices and the level of risk that this may create. The study was conducted by the British Telecommunications (BT) in the UK, Khalifa University of Science, Technology and research (KUTAR) in the UAE and Edith Cowan University in Australia. The basis of the research was to acquire a number of second hand USB storage devices from a range of sources and to determine whether they still contained information or whether it had been effectively erased. If they still contained information, the research looked to see if it was in a sufficient volume and of enough sensitivity to the original owner to be of value to anyone with malicious intent that had obtained it, whether a competitor or a criminal. The results of the research were that in most cases, the USB storage devices contained a significant volume of information. As with the findings of the second hand disk studies, where the USB storage devices had originally been owned by organisations, they had failed to meet their statutory, regulatory or legal obligations.

Comments

Originally published in the Proceedings of the 7th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, December 3rd 2009.

Share

 
COinS