

USB Malware and WinFE

1 reply to this topic

#1 bshavers


    Frequent Member

  • Developer
  • 130 posts
    United States

Posted 08 October 2014 - 08:34 PM

The recent release of USB malware, in which any USB device is suspected of being infected after plugging into an unknown-if-clean machine, makes a problem for bootable USB devices in forensic collection. Some of the very scary claims to the USB malware are (http://news.discovery.com/tech/gear-and-gadgets/warning-usb-malware-code-unleashed-141006.htm):

  • Alter files from thumb drives
  • Redirect Internet traffic
  • Tap and spy on USB-enabled smartphones
  • Hijack keyboards to type commands
  • Potentially inject malicious elements as files are being transferred

That is bad stuff for a forensic bootable USB device.   I’ve seen a few suggested solutions to the USB infection issue, but the fastest solution with WinFE is to burn to a CD/DVD instead of making a USB bootable.  Problem solved.

Building a WinFE is still very very very very easy. Using the Mini-WinFE build, I just timed creating a WinFE DVD at less than 6 minutes. That was a few minutes with Winbuilder and a few minutes burning the ISO to DVD, while taking my time in the short process. If you haven’t yet built a WinFE, the process is almost completely automated. Just point Winbuilder to your Windows 7/8 source and press go. Less than 5 minutes later, you have a forensically sound, bootable ISO/CD/DVD/or USB.

Granted, creating a WinFE CD/DVD in less than 10 minutes is not going to save you time compared to imaging a removed hard drive using a hardware imaging device. But…if you have LOTS of machines to image, booting the machines to be seized to WinFE most likely will be faster than removing hard drives and sharing hardware imaging devices. And for those pesky drives that won’t come out, WinFE may be a better solution than fighting with an ultralight, can’t-find-the-screws-to-remove-the-darn-hard-drive machine.


#2 Wonko the Sane


    The Finder

  • Advanced user
  • 15275 posts
  • Location:The Outside of the Asylum (gate is closed)

Posted 09 October 2014 - 09:41 AM

Just for the record, NO. :frusty: (in the sense that what was released was NOT news, and is NOT the end of USB as we know it).

It has been hyped into FUD. :ph34r: :unsure: :dubbio:

Read attentively this page by one of the two Authors:

