Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
Researchers Bought 100 Used USB Drives on Auction Sites and Performed Data Recovery: See What Was Found
December 3, 2020
Researchers at Abertay University in Scotland performed a cybersecurity study by purchasing 100 used USB drives from the internet and examined them for retrievable data. The study, led by student James Conacher, investigated whether sellers are aware of how to properly sanitize their old USB drives of personal data before sending them out. To begin, the used drives were purchased from the auction site eBay and a forensic analysis was performed of each drive received.
Out of the 100 analyzed drives, only two contained data that was “immediately visible”, meaning the drive contained active files that the seller made no attempt to delete. 32 of the drives contained no recoverable data, and the remaining 68 drives had data that was recoverable to a certain degree. Out of the 68 drives that had data available to be recovered, full file recovery was possible on 42 of the drives.
The recovered files were then categorized into three types: low, medium, and high sensitivity. Recovered files that were classified as low sensitivity contained data such as downloaded videos, operating system installation files, and various student work. Medium sensitivity files contained various images with location data included, personal photographs, and clinical trial studies. The most concerning high sensitivity files contained data such as password lists, CVs, bank statements, invoice records, and health reports.
When making used USB drives available for purchase online without securely deleting the contents beforehand, there is immense risk on the part of the seller. However, there is also the component of buyer risk. Those who have expertise in the field of electronic evidence often lean on the side of caution when inserting used USB drives into their devices, attempting to steer clear of the possibility of malware. Out of the 100 analyzed drives, there was no evidence to suggest any drives had installed malware on them. However, the findings do not make the scenario any less possible.
To conclude, when selling USB drives online, there are techniques to utilize to ensure data security. It is recommended to make use of widely available software that has the ability to completely wipe all the contents of the drive prior to sending the drive off to a new owner.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics