Tomcat
On the need to use USBkill
Disk encryption is just one step towards security. As a rule, the special services act as follows: they catch the target off guard, so that there is no time to turn off the computer before the arrest. Even a lock screen will not save you, because while the OS is running the encryption keys can be extracted from RAM with special devices, given physical access to the USB ports. This problem is solved by the USBkill script: github.com/hephaest0s/usbkill
Principle of operation
In the script you can specify a whitelist of your own USB devices. A constantly running process monitors the USB ports, and if something is inserted there, it immediately shuts down, reboots, or hibernates your computer (which of these is an option set in the script). In a sense, it is a mini anti-forensics tool: forensic examination can be avoided, provided, of course, that the computer's hard drive is already encrypted.
1) If the user has fully encrypted the hard drive and, during the arrest, manages to pull out the flash drive (which shuts the computer down, and is much faster than hunting for a "Shut down" button in the interface), then the police will need significant time and effort to gain access to the data. Naturally, if disk encryption is not enabled, this tool is useless, since data is very easy to read from an unencrypted disk even without knowing the password. For this to work, however, you will probably have to tie the flash drive to your hand with some kind of cord, so that it is pulled out easily in case of arrest.
2) Another possible scenario is protection against hacking: if someone with malicious intent inserts a flash drive into your computer without your knowledge in order to hack it or infect it with a virus, the script will likewise turn off the computer as soon as the foreign flash drive is inserted.
For example, you can carry a USB stick on your wrist and plug it in only when you need to run usbkill. If your laptop is forcibly taken away, the flash drive will be removed from the port and crash the system. It's like a self-destruct button.
To start it, run the command:
Code:
sudo python usbkill.py
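
The whitelist-and-monitor principle described above, reduced to its decision logic, as an added example that is not part of the original post and not USBkill's own code: it compares two `lsusb`-style snapshots and reports whether the change would trip the switch. The function names, the constructed sample device IDs, and the rule that removing any device present at start triggers are assumptions.

```python
import re
from collections import Counter

# Matches the "ID vvvv:pppp" vendor:product field of an lsusb-style line.
ID_RE = re.compile(r"\bID ([0-9a-fA-F]{4}:[0-9a-fA-F]{4})\b")

def parse_lsusb(text):
    """Return a Counter of vendor:product IDs (handles duplicate devices)."""
    return Counter(m.group(1).lower() for m in ID_RE.finditer(text))

def evaluate(whitelist, baseline, current):
    """Compare the start-up snapshot with the current one.

    Returns (trigger, events). Assumed policy: an inserted device that is
    not whitelisted, or the removal of any device seen at start, triggers.
    """
    allowed = {d.lower() for d in whitelist}
    events = []
    for dev, n in (current - baseline).items():   # devices that appeared
        kind = "inserted-whitelisted" if dev in allowed else "inserted-unknown"
        events.append((kind, dev, n))
    for dev, n in (baseline - current).items():   # devices that vanished
        events.append(("removed", dev, n))
    trigger = any(kind != "inserted-whitelisted" for kind, _, _ in events)
    return trigger, sorted(events)

# Constructed sample snapshots (not captured from a real machine).
BASELINE = ("Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
            "Bus 001 Device 003: ID 0781:5583 Constructed key stick\n")
UNKNOWN_INSERTED = BASELINE + "Bus 001 Device 004: ID abcd:1234 Unknown device\n"
KEY_REMOVED = BASELINE.splitlines()[0] + "\n"
MOUSE_INSERTED = BASELINE + "Bus 001 Device 005: ID 046d:c077 Constructed mouse\n"
WHITELIST = {"046d:c077"}   # devices that may be plugged in while monitoring

if __name__ == "__main__":
    base = parse_lsusb(BASELINE)
    for name, snap in [("unknown inserted", UNKNOWN_INSERTED),
                       ("key stick removed", KEY_REMOVED),
                       ("whitelisted mouse", MOUSE_INSERTED)]:
        trigger, events = evaluate(WHITELIST, base, parse_lsusb(snap))
        # A real monitor would shut down or hibernate here; this only reports.
        print(f"{name}: trigger={trigger} events={events}")
```

Counting devices with a `Counter` rather than a set means a second, identical copy of a device already present is still seen as an insertion.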