Talk:Forensic disk controller

EquationGroup Malware / GROK Malware / EquationGroup with EyeFi function
As soon as a harddisk would be infected with malware like EquationGroup Malware this Malware would maybe recognize the Forensic disk controller and would start some sort of clean up job. clean up job would of course involve to delete relevant things like top secret documents maybe based on an escape sequence, but would maybe also add some illegal content like pedophilia content do discredit the person that was caught by the police. Further research required, if i try to get time slots on the electron microscope ãt FHNW for to find out details about the hardware chips that resides on common disks i normally end up in a mental institution (HUMINT, Manipulaition is the main business of shrinks) and they then give me tons of intelligence reducing anti-psychtics...

FailDef (talk) 19:27, 7 November 2020 (UTC)

Hardware to expensive for what it does
If one would like to buy a forensic controller, they are often very expensive, often more than $1000. I bet one could mass-produce such a simple device for, e.g., $20, with no display. As a mass product for 20€ one would just attach it if unsure if computer infected with virus or if the data is very prescious.

Would just filtering the WRITE(xyzBlockAddress, Data) packets on the D+ and D- wires.

USB Mass Storage Class, USB_SETUP_TOKEN, bmRequestType.

There are some products for €20 that do such things on external USB-SATA adapter boxes, e.g., Icy Box IB-241WP, Icy Box IB-256WP.

And there are already some open-source projects, but I have not tried them myself so far.


 * https://xbloro.github.io/tool/DIY-WriteBlocker/
 * https://www.instructables.com/Cheap-and-Effective-USB-Write-Blocker/

And there are also some USB-Sticks with a write protection hardware switch, but they work different, this switch is attached to the WE or ¬WE of the flash chip, does not affect CS (ChipSelect) or CLK (Clock)

31.10.133.52 (talk) 08:58, 1 May 2024 (UTC) Landev