PPRuNe Forums - Computer security

PPRuNe Forums (https://www.pprune.org/)

- Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)

- - Computer security (https://www.pprune.org/computer-internet-issues-troubleshooting/577639-computer-security.html)

Computer security

Here's one for the experts
You have some files on a secure flash drive
You plug the drive into a computer (not yours)
You unlock the flash drive
You view / change on of the files on the flash drive
You save it back to the flash drive
You unplug the flash drive and walk off into the sunset

What do you leave behind? Will the computer have left an unwanted copy of the file lurking somewhere? This question came about because I loaded a file from a Kingston secure USB drive and found that I was able to carry on editing the file with the drive removed - does this mean a copy was on the PC somewhere? If so - does it get securely trashed when closed?

Hmmm - I did that once a few years ago in a Far East Internet Cafe that looked quite reasonable - just before leaving I ran a search for recent files on the hard disk and discovered something had made a nice copy of my working files ..................

for backup purposes I'm sure..........

Quote:

You plug the drive into a computer (not yours)

Windoze will then write a little record in its USB device database of the serial number of your device. Should you visit the same computer next year with the same device then it will remember you.

Quote:

You view / change on of the files on the flash drive

The viewing program has no idea how to unencrypt the files on your device, you already did that in your previous step, now your files are open slather to anyone who has access to the computer your device is plugged into.

USB stick encryption is only good for physical loss of the USB stick and not much else. Accessing sensitive data via a public computer is simply insecure regardless of the measures taken (except the one were special polarised glasses are needed to be able to read the screen).

Quote:

USB stick encryption is only good for physical loss of the USB stick and not much else. Accessing sensitive data via a public computer is simply insecure regardless of the measures taken (except the one were special polarised glasses are needed to be able to read the screen).

Is that an embedded feature unique only to a specific computer, monitor or embedded in the file itself such that on any computer/monitor combination it can be read only with polarized glasses?

It's the 'gone forever' bit that concerns me. So once the file is saved back to the USB stick and closed would it be posssible to use (say) Recuva to resore it? Assuming the recovery attempt is immediate and the OS hasn't overwrit it.

If you're still around having saved the file to stick, then remove the stick without closing the file, then delete every morsel of the file (inc embedded graphics etc. if appropriate) and then save the empty file.
They can't touch yer for it.

@tone,

Where you plug a usb stick into a host computer and then use software on that computer there is a high probability that some fragment of the data will be copied onto the host and remain there in a recoverable form (admittedly, requiring some tools, but they are so easily available online that that is not an issue to any third party).

The key questions is:

If the file is so sensitive - should you be plugging into an uncontrolled host?

If they answer to that is yes that you need to work on it on a third party system then perhaps a better approach is to create a live linux usb with its own persistent storage so that you do not use any software on the host. That is certainly possible with Kali linux (I haven't used it myself so this is not a recommendation just a statement of the possible):

If you are even more paranoid you could use tails which is a live cd for use with the TOR system:

https://tails.boum.org/

Although that may well attract the attention of black vectra drivers.

EG