What Can You Discover from a USB Stick Found in the Grass?

  • Thread starter Borek
In summary: TUSFitG, the USB-based Forensic Tool for Geeks! The TUSFitG is a forensic tool that can be used to reconstruct the story of a USB stick. It requires some reading, thinking, and common logic, and is in range of a reasonably savvy computer user.
  • #1
Borek
Some of the older forum regulars can remember my strange questions, asked over two years ago, about ways of stopping NTPD; freshmen may remember my questions about ways of expressing some things in English. As strange as it may sound, all these questions were related to the same project. I got to the point where I can share the details.



So, what is it about? It is a forensic challenge - you are given a USB stick and you have to find out who the owner was and reconstruct their story. It requires some reading, some thinking, some common logic and some computer skills. A bit nerdy, but designed to be in range of a reasonably savvy computer user, no need for a PhD in hacking.

I had plenty of fun designing the whole thing and working around some of the unexpected obstacles. The idea was to make the stick look as if it had been used for many years to transfer random files between computers. When the files are added, copied, removed, it all leaves invisible traces in the FAT and the directory structure - and to be convincing the stick needs to have all these traces intact. For example: files can have up to three dates - creation, last modification, last use. All these have to reflect the story and look convincing, and it is not trivial to do so, as the OS tries to use real time and tries to get this real time from the net using NTP, so I had to either somehow block the clock and NTPD, or use a computer that was isolated from the outside world. And that's only a simple example of the problems I had to solve; I learned more about some intricacies of different OS-es and structures of different types of files than ever before. Actually I am not 100% sure I haven't missed something, although so far nobody told me about any inconsistencies.

If I had plenty of fun making it, judging from the reaction to the Polish version people have plenty of fun looking for answers.

Feel free to add the TUSFitG to your Steam wishlist if you have one, after all that's why I am posting about it :wink: Yes, Greg knows.
 
  • #2
Just so you know, if you are running under Windows you can write a simple program to change any of the 3 dates to whatever you want.
 
  • #3
mfw picking up random USB drives: do you want stuxnet? that's how you get stuxnet.
 
  • #4
Pythagorean said:
mfw picking up random USB drives: do you want stuxnet? that's how you get stuxnet.

And with USB Killer you just fry the motherboard.
 
  • #5
phinds said:
Just so you know, if you are running under Windows you can write a simple program to change any of the 3 dates to whatever you want.

Yes, that's how I did another part of the project, but scripting the copying part was much easier to implement under Linux, and Linux basically supports only two of these dates.
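The three FAT dates discussed in posts #1 and #5, decoded from raw 32-byte short-name directory entries and checked for the kind of inconsistencies an examiner looks for. This is an added example, not part of the thread or of the game; the sample entries, `ACQUIRED` and the rules in `findings` are constructed for illustration.

```python
import struct
from datetime import date, datetime, timedelta

ENTRY = "<11sBBBHHHHHHHI"  # 32-byte FAT short-name directory entry

def fat_date(v):
    """Decode a 16-bit FAT date word; None when zero or out of range."""
    try:
        return date(1980 + (v >> 9), (v >> 5) & 0x0F, v & 0x1F)
    except ValueError:
        return None

def fat_datetime(d, t, tenths=0):
    """Join date and time words (2 s resolution) plus optional 10 ms units."""
    day, h, m, s = fat_date(d), t >> 11, (t >> 5) & 0x3F, (t & 0x1F) * 2
    if day is None or h > 23 or m > 59 or s > 58:
        return None
    return datetime(day.year, day.month, day.day, h, m, s) + timedelta(milliseconds=10 * tenths)

def parse_entry(raw):
    """Return name, deleted flag and the three timestamps of one entry."""
    name, _a, _nt, cs, ct, cd, ad, _hi, wt, wd, _lo, size = struct.unpack(ENTRY, raw)
    return {"name": name.decode("ascii", "replace"), "deleted": raw[0] == 0xE5,
            "created": fat_datetime(cd, ct, cs), "modified": fat_datetime(wd, wt),
            "accessed": fat_date(ad), "size": size}  # access field stores a date only

def findings(e, acquired):
    """Observations an examiner would record for one parsed entry."""
    notes, c, m = [], e["created"], e["modified"]
    if e["deleted"]:
        notes.append("deleted entry, metadata still present")
    if c is None:
        notes.append("creation time not recorded")
    elif m and c > m:
        notes.append("created after modified: typical of a copy onto this volume")
    if any(t and t > acquired for t in (c, m)):
        notes.append("timestamp later than acquisition: writer clock was off")
    return notes

def make_entry(name, created, modified, accessed):
    """Build a constructed sample entry (not data from any real stick)."""
    enc = lambda d: ((d.year - 1980) << 9 | d.month << 5 | d.day,
                     d.hour << 11 | d.minute << 5 | d.second // 2)
    (cd, ct), (wd, wt) = (enc(created) if created else (0, 0)), enc(modified)
    return struct.pack(ENTRY, name, 0x20, 0, 0, ct, cd, enc(accessed)[0], 0, wt, wd, 0, 1024)

ACQUIRED = datetime(2023, 1, 1)  # constructed acquisition time
SAMPLES = [  # constructed: a copied file, and a deleted file with a future date
    make_entry(b"REPORT  DOC", datetime(2019, 6, 3, 9, 15), datetime(2018, 11, 20, 17, 2, 10), datetime(2019, 6, 3)),
    make_entry(b"\xe5OTES   TXT", None, datetime(2031, 4, 1, 8, 0), datetime(2031, 4, 1))]
for raw in SAMPLES:
    e = parse_entry(raw)
    print(e["name"], e["created"], e["modified"], e["accessed"], findings(e, ACQUIRED))
```
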
 
  • #6
Just launched :smile:

 

Related to What Can You Discover from a USB Stick Found in the Grass?

1. What is the significance of the USB stick found in the grass?

The USB stick found in the grass could potentially contain important data or information that could be relevant to a certain investigation or research. It could also be a potential security threat if it contains sensitive information.

2. Who could have left the USB stick in the grass?

It is difficult to determine who could have left the USB stick in the grass without further investigation. It could have been accidentally dropped by someone or deliberately left by an individual with malicious intentions.

3. How can the data on the USB stick be retrieved?

The data on the USB stick can be retrieved by connecting it to a computer or other device with a USB port. However, caution should be taken as the data could potentially contain viruses or malware.

4. Is it safe to use the USB stick found in the grass?

It is not recommended to use the USB stick found in the grass as it could potentially contain harmful viruses or malware. It is best to consult with a professional or use caution before attempting to use it.

5. What should be done if sensitive information is found on the USB stick?

If sensitive information is found on the USB stick, it should be reported to the appropriate authorities immediately. It is important to handle such information with care to avoid any potential legal or security issues.
