Information Security
Updated Tue, 31 May 2022 20:41:16 GMT

Securely obtain information from a USB Flash Drive / Thumb Drive avoiding viruses


I have just been passed some data in a thumb drive (which I was expecting). While I'm not too sure exactly what format the data will be in, it should be a mixture of numbers and text, possibly in one of the Microsoft Office document formats.

My concern now is how to (1) access the files safely without receiving any virus or passing any virus to the drive, and (2) eliminate any virus if any exists in the drive.

I'm using a MacBook still running El Capitan 10.11.5, and while it seems like most viruses target Windows, I'm not taking any chances. I'm concerned about the kind that just activate and replicate automatically the moment I plug my drive in.

One idea I have is to just purchase a cheap new laptop, be it a Mac or Windows, and plug the drive into it while making sure it's disconnected from the internet. Then I'll run some antivirus scans to disinfect the drive, and once I'm sure about that, extract the data files and store them on another flash drive, and use the other flash drive from then on.

It seems like I'm being paranoid, but I think there is good reason to be suspicious here, because the files contained in the drive are confidential information.

Any suggestions will be greatly appreciated! Thank you very much!

EDIT I couldn't really find any other questions that had answers for mine, because in my case, I really need to do analytics on the data files contained in the drive, so beyond just ensuring safety when plugging in the drive, I need to know some way to cleanly transfer all the data to my local system so that I can do data analysis.

FURTHER EDIT Appreciate the links to possible duplicate questions, but on examining the answers there, I still couldn't find a definitive answer. The best answers I could find were the following, but they still lead to more questions rather than an actionable solution that I am comfortable trusting to be safe:

(1) The answer by @mostlyinformed on "Is there any way to safely examine the contents of a USB memory stick?" did help by suggesting the use of a new cheap tablet that one is willing to sacrifice, but offered no answers on how one could extract out all that data. Supposing I am able to access all the data as a one time use on that cheap tablet. Then what next? I really need to pull all that data, which is going to be about a few hundred objects...

(2) Otherwise, most of the other answers like the one by @Andre Borie on "I have a virus in my USB drive. I haven't inserted it on my PC yet. How should I proceed?" don't really help in making me feel like there's any fully safe way. Is there always going to be some risk that I cannot eliminate????

I would greatly appreciate it if someone could answer my questions. Please pardon my "noob-ness" but I'm a total non-expert, but really need to extract out all the data from the thumbdrive and analyze it. I'm not fooling around with a thumbdrive that I just picked up from the ground in a carpark or something. This is a serious drive that contains serious data associated with IP/trade secrets. While I received the drive from a trusted party (I'm not involved in some secret operation that just stole some trade secret off a firm or something, what I'm doing here is legit accessing of confidential data), I'm not sure if the data was written to the drive on an infected machine or not, and whether the person who prepared that drive (who is different from the person who passed me the drive) had a malicious intent or not, so I'm being careful to be safe. Everyone's situation is unique, so please understand that my situation is not well addressed by many existing answers.




Solution

Open the document in the live Linux environment as mentioned, then copy the contents to a new document with an open source office environment. This will eliminate any exploits in the file format or malicious macros. Any malware in the USB stick's firmware will be rendered practically ineffective by the Linux environment as mentioned.
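The "copy the contents to a new document" step above can also be done without rendering the file at all. The following is an added example, not part of the original answer: it handles only Word `.docx`/`.docm` files, pulls out the paragraph text, and reports the macro and embedded-object parts it leaves behind. The function names, size cap and sample document are assumptions constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
MAX_XML_BYTES = 20 * 1024 * 1024  # assumed cap on decompressed size (zip-bomb guard)
ACTIVE_PARTS = re.compile(r"vbaProject|/embeddings/|/activeX/")

def extract_docx_text(data: bytes) -> dict:
    """Return paragraph text only, plus the names of active-content parts left behind."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        left_behind = [n for n in zf.namelist() if ACTIVE_PARTS.search(n)]
        with zf.open("word/document.xml") as member:
            xml = member.read(MAX_XML_BYTES + 1)
    if len(xml) > MAX_XML_BYTES:
        raise ValueError("word/document.xml is larger than expected")
    # A Word document part has no use for a DTD; refuse it rather than expand entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("unexpected DTD/entity declaration")
    paragraphs = []
    for p in ET.fromstring(xml).iter(W + "p"):
        text = "".join(t.text or "" for t in p.iter(W + "t"))
        if text:
            paragraphs.append(text)
    return {"paragraphs": paragraphs, "left_behind": left_behind}

def build_sample(document_xml: bytes) -> bytes:
    """Constructed sample: a macro-enabled document with a placeholder VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()

SAMPLE_XML = (
    b'<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    b"<w:body><w:p><w:r><w:t>Region</w:t></w:r>"
    b'<w:r><w:t xml:space="preserve"> total: 42</w:t></w:r></w:p>'
    b"<w:p><w:r><w:t>Q3 revenue 1.5</w:t></w:r></w:p></w:body></w:document>"
)

if __name__ == "__main__":
    result = extract_docx_text(build_sample(SAMPLE_XML))
    print("\n".join(result["paragraphs"]))
    print("not copied:", result["left_behind"])
```

Only the returned text would be written to the new file; the parts listed under `left_behind` are never read or copied.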





Comments (5)

  • +0 – Thank you for your suggestion. I can understand that your method would make it possible for me to extract out the data from the drive without copying the viruses along, but how would I be able to save the data? Would I be saving the new open office documents into disk? Wouldn't I be risking compromising the hard disk, since if the disk is still accessible during the live Linux session, the virus can write itself to it? — Jan 03, 2017 at 15:10  
  • +0 – The other way I can think of, is that maybe I use another second USB stick and save the open office docs into that second USB stick all while working under the live Linux environment? Is that safe??? — Jan 03, 2017 at 15:11  
  • +0 – Do I actually have to worry about the hard disk being accessible during the live Linux boot? — Jan 03, 2017 at 15:12  
  • +0 – Only theoretically if you're worried about state-level actors (e.g. NSA). Commercial malware authors will not have the sophistication to maliciously write to the HDD from a USB — Jan 04, 2017 at 08:11  
  • +0 – The other USB would work as well, but this might even be more high-risk than saving it to the local HDD because USB firmware is easier to infect than HDD firmware — Jan 04, 2017 at 08:12