14

I need to provide some proof for the judge on a pendrive. I bought new 32GB pendrive and would like to upload 8MB file on it and make the pendrive read only forever, so nobody tampers with it. Is it doable?

12
  • 12
    Not without buying a drive that supports it to begin with.
    – Mokubai
    Commented Sep 7, 2023 at 8:35
  • 24
    This is an XY Problem. Please ask us about the actual problem you are trying to solve, rather than how to implement your assumed solution.
    – Tetsujin
    Commented Sep 7, 2023 at 8:35
  • 1
    Alternative option: create 2 USB sticks that are identical. Give one to the judge in advance, so they have time to inspect the content, and bring the 2nd one to court when you go. Tell them that they are identical, but let the judge verify that it is indeed what they've seen.
    – LPChip
    Commented Sep 7, 2023 at 11:36
  • 4
    People mentioned use of a CD/DVD and also that many PCs no longer support them. A USB interface DVD reader/writer costs a few tens of dollars and MAY bridge that gap. Commented Sep 8, 2023 at 1:45
  • 4
    You might want to ask on Law.SE instead. Either you're going before a judge/magistrate and representing yourself in a typical way (e.g., traffic court), in which case you might not need to worry too much about forensics, or you are in a situation where you should have a lawyer and you should be asking these questions of your lawyer. Commented Sep 8, 2023 at 15:57

11 Answers

47

Alternative solution:

Burn the file to a CD-R or DVD-R disc. This is pretty much the easiest and most tamper-proof way to save a file 100% read-only.

8
  • 7
    I agree with the sentiment of "use an actual read-only media" but sadly there is a good chance on modern machines that the receiving person may not actually have a CD-ROM drive. Many gaming PC cases do not have slots available for a CD/DVD drive and neither do many slim or ultra-portable laptops. Given how ubiquitous USB memory sticks now are and with the rise of streaming I wouldn't be surprised if there is a new generation of people who don't know what a CD/DVD is, just as many now don't know what a floppy disk is.
    – Mokubai
    Commented Sep 7, 2023 at 10:31
  • 11
    I don't disagree. But it cannot be expected that a normal person is able to provide read-only information on a USB pendrive. If the read-only requirement comes from the requesting party, they should be prepared and able to read a CD or DVD. If not (which is not entirely clear from the question), then it's up to the information provider, of course.
    – Nassbirne
    Commented Sep 7, 2023 at 10:52
  • 25
    DVDs and CDs can be submitted in a court. A lot of CCTV footage is submitted this way. A court will have the equipment on site for playing DVD and CD media, as well as copying off files for evidence, and you can always attend court with a portable USB DVD drive if you want to be extra safe. They're very cheap to buy.
    – Mastaxx
    Commented Sep 7, 2023 at 11:03
  • 7
    Another HUGE advantage of CD/DVD is safety. While courts, etc. are all about trust between the various parties (except plaintiff and defendant...), the reality is that USB drives are well known for hosting malicious software. The average lawyer will have absolutely no idea how to effectively and completely test a USB drive for safety. CD/DVD drives, unless set to Autorun (which can easily be turned off) don't trigger anything in the operating system when you add a new disk. That is different from USB drives where the operating system has to take some real action - determine the type Commented Sep 8, 2023 at 1:09
  • 11
    If using a CD-R/DVD-R/etc, make sure to choose the option to "close the session" / "finalise" the disc. Otherwise it is effectively possible to modify the contents later. (This modification doesn't actually modify what's already been written, as that isn't possible on CD-R etc, but it works by adding more content after the end of what's already been written that basically says "ignore some of the previous content, use this instead". Closing the session adds a marker "no more content to be added after this" so that that can't happen.)
    – psmears
    Commented Sep 8, 2023 at 10:17
22

I don't know of a way of making a removable device read-only in a tamper-proof way, but here is a suggestion based on the most prevalent method now used for validating files - checksum.

Add to the disk some software that does a good checksum of your files and ensure that the checksums of the files are calculated by this software and are well-published together with the files.

The checksums of the files can then later be verified to show that the files have or have not been tampered with.

6
  • 2
    This approach is actually used for evidence in many places. All parties to a court case get a USB stick, and a separate hardcopy of the checksum. Each party can verify that the information on the stick is unchanged.
    – Paul
    Commented Sep 7, 2023 at 11:46
  • 9
    There are commercial trusted document timestamping services that will sign your document with a secure cryptographic signature that can later be verified.
    – davidbak
    Commented Sep 7, 2023 at 16:56
  • 4
    The checksum software can be modified to show the expected checksum even though the files were modified. You have to use a checksum software from a trusted source, ideally with the trusted document timestamping service. Commented Sep 7, 2023 at 18:05
  • It may be worth noting that "a good checksum" here means a cryptographic hash function with no practical collision attacks. From what I understand, SHA-2 and SHA-3 have no publicly known collisions; SHA-1 has a known collision attack but carrying it out is expensive; MD5 has a cheap and easy collision attack; and finding CRC collisions is so easy that you could train a dog to do it. (Okay, I admit that that last one is an exaggeration.) Commented Sep 7, 2023 at 19:12
  • 2
    "Add to the disk some software..." that makes it self-verifying - you're trying to verify that the contents of the drive haven't been tampered with by using a program supplied on that same drive - who's to say that program hasn't been tampered with. The checksums need to be provided separately and they need to be independently verifiable. Short of using a commercial service I personally would provide SHA-256 sums for all documents, and I would GPG sign the documents and the checksums.
    – Rodney
    Commented Sep 8, 2023 at 6:25
12

EDIT: I misread the question, for intended purpose I think harrymc's answer is better suited:

  • In digital forensics 'hashing' (of files, entire drives and disk images) plays a vital role.
  • What is important is that the source for the data isn't modified, so this needs to be write protected any time it's accessed. A forensic specialist will typically use a hardware write blocking device.
  • The source is hashed and then the evidence taken from it is hashed.
  • If we talk about a file, the hashes of the original file and the one on the flash drive you intend to present in court need to match.
  • This (the identical hashes) proves evidence was not tampered with and whether that stick is read only or not is irrelevant.

My answer is still valid for write protecting USB flash drives.


Do-able, yes. You'd need to use an MPTool (mass production tool) and reconfigure the firmware of the drive. MPTools are pieces of software made available by manufacturers that you can use to configure USB flash drive firmware.

Now that sounds all easy but there's bears:

  • You'd need to determine the specific controller for the USB flash drive as these MPTools are controller specific.
  • For most of these tools you'll have to find your way through either Chinese or Russian websites
  • You'll find that finding the right tool in itself is difficult, but also that your virus scanner will not like many of the downloads offered on these websites either.

But then it should be possible to make a write-protected USB Pendrive containing your file(s).

  • To determine controller, you can use the tool ChipGenius (check for malware before using). You will have to search for it, as there would be a good chance I'd directly link you to malware, which I don't want to do.
  • For my own experiments I used the website https://www.usbdev.ru/
  • I recorded some of my steps here: https://youtu.be/yIuK6goBj8g

ChipGenius tool will give you the controller:

For which you try to find a matching MPTool:

Final words on this: many websites offer customizable USB Pendrives, so you can ask them to provide you with write-protected drives containing your content.

9
  • Is the write protection permanent once enabled?
    – xenoson
    Commented Sep 7, 2023 at 13:33
  • 7
    Until you reconfigure the firmware again. The MPTools are often used other way around, to remove write protection for example (which is a bad idea in general if the drive switched itself to write-protected). Commented Sep 7, 2023 at 15:01
  • This seems like a lot of work compared to just buying a usb drive with user-facing support to permanently switch to read-only mode.
    – Brian
    Commented Sep 7, 2023 at 17:53
  • 5
    I have no idea what you mean by "user facing support". If you know about a ready made solution I suggest you give an example of such a drive. Commented Sep 7, 2023 at 21:22
  • 2
    @WaterMolecule: I was hesitant to do so, since I was only able to find a single company which offers them. I try not to make "try this product" answers on SU, especially in the case of companies that I don't know well enough to endorse. Happily, Martin's answer, posted after your comment, demonstrates that this isn't the only company that sells products in this category.
    – Brian
    Commented Sep 8, 2023 at 16:13
6

To answer the XY problem, you don't. Preventing the drive from being written to is not even useful in thwarting someone who wants to forge the contents, because they could just replace it with an identical-looking flash drive that wasn't write-protected.

The way you solve this problem is by putting the files in some kind of archive format (like a zip file) on the storage medium, and submitting with it a strong cryptographic hash (e.g. sha256) of the archive file as a notarized paper document with your signature and the notary's signature/stamp on it.
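The checksum manifest described in the checksum answer and in the archive-plus-SHA-256 answer above, as an added example that is not code from any poster: it writes a SHA-256 manifest in the `HASH  path` layout that `sha256sum -c` reads, so the recipient can check the medium with an independent tool, and then shows what verification reports after a copy is altered. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large evidence files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Return manifest text, one 'HASH  relative/path' line per file."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return "".join(f"{sha256_file(p)}  {p.relative_to(root).as_posix()}\n" for p in files)

def verify_manifest(root, manifest_text):
    """Compare a medium against a manifest that was kept separately from it."""
    root = Path(root)
    expected = {}
    for line in manifest_text.splitlines():
        digest, _, name = line.partition("  ")
        expected[name] = digest
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report = {"modified": [], "missing": [], "extra": sorted(present - set(expected))}
    for name, digest in sorted(expected.items()):
        if name not in present:
            report["missing"].append(name)
        elif sha256_file(root / name) != digest:
            report["modified"].append(name)
    return report

def demo():
    """Constructed sample: build a manifest, alter the copy, verify again."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "evidence.pdf").write_bytes(b"constructed sample evidence")
        (root / "notes.txt").write_bytes(b"constructed sample notes")
        manifest = build_manifest(root)  # print or sign this; keep it off the drive
        clean = verify_manifest(root, manifest)
        (root / "evidence.pdf").write_bytes(b"constructed sample evidencE")
        (root / "notes.txt").unlink()
        (root / "added.txt").write_bytes(b"constructed extra file")
        tampered = verify_manifest(root, manifest)
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

The manifest only proves anything if it travels separately from the drive, for example as the signed or notarized printout the answers describe.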

3

The iStorage datAshur PRO2 64 GB encrypted USB flash drive (https://a.co/d/1CUAy7w) -- and I assume other capacity variants -- support a mode where the drive may be set to read-only (and only knowledge of the administrator-mode PIN can change the setting).

See table of contents at https://istorage-uk.com/wp-content/uploads/2019/05/datAshur-PRO2-user-manual_v2.5hl.pdf

Also, the Apricorn Aegis Secure Key 3.0 encrypted USB sticks seem to have comparable features (https://a.co/d/9KYDMtd).

See table of contents at https://apricorn.com/content/product_pdf/aegis_secure_key/usb_3.0_flash_drive/ask3_manual_configurable_online_2.pdf

There are probably others as well.

2
  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Sep 8, 2023 at 17:12
  • "(and only knowledge of the administrator-mode PIN can change the setting)" Not quite. You can wipe and reset the whole thing even if you forget all the PINs. Commented Sep 9, 2023 at 5:39
2

SD cards support temporary and permanent write protection (that is digital and completely independent of the switch on the full-size cards). https://github.com/BertoldVdb/sdtool is an example of a tool that can do this.

But, as others have also stated, the easiest method for making the data tamper-proof is calculating and submitting its hash too, or if you can, digitally signing it.

2

You don't need a technical solution here. In order to satisfy the legal criteria (chain of custody) you don't need to make it absolutely technically impossible for changes to occur, you just need to be able to show that it hasn't happened.

Seal the USB inside something, like a sealed envelope. Send it to the judge. When they open it the judge knows nobody has tampered with it between it leaving you and reaching him. That is all you need to show, and all you can show. No amount of "read only" technology can guard against tampering by you (i.e. you deliberately sending the wrong data) and it's assumed the judge won't tamper with it. (If he would then there are much bigger problems).

Simultaneously keep a copy of the data yourself so that if a question arises you can compare it with your copy. You are going to be asked to testify about the provenance of this evidence anyway, so if a quick comparison test will allow you to say "yes I'm sure that's the data I sent" that will help.

If this is a legal thing you are going to be asked if this is the correct data, since you provided it. Nothing else will satisfy the law.

0
1

Simply send the Pen drive wrapped in a sealed envelope with "TAMPER" evident tape on the join, and perhaps holding the cap on. Hand-deliver it to the judge's office and get a receipt.

Separately, email the same file.

Separately, post a printout in the regular mail.

Finally when/if you go to court, take your own printouts as well.

This presumes the documents are not secret/confidential. Consider that the judicial process is not out to get you. Instead of worrying about the judge's team as an enemy, work on preparing your case to be watertight.

If you or your rep DID spot an inconsistency during proceedings, then raise an objection and handle it there.

random example of security tape peeling off to show "OPENED"

Some label printers can use tamper-evident tape to make labels. Many of these tapes will say "void", which would be perfectly adequate.

0

What you actually want is something like an image file with a checksum. You can also link it to one of the crypto blockchains, giving it a date that can't be refuted. But the judge probably can't even use his email without help ... The tools exist; no one knows how to use them. In steps third party sending and sign services, like DocuSign. That route is probably best.

0

The solution you're looking for is a cryptographic signature by you (it identifies you as a certifier of authenticity), and a secure time-stamp (proves that the signed file existed at the time of stamping). The recipient can independently verify that the secure stamp is valid (i.e., the object has not been tampered with).

You could/should include a README that explains how secure timestamping works, in case the judge is not tech savvy, so he doesn't need an expert witness to verify the timestamp.

A USB drive can be replaced with another, identically looking, but with different contents. A tamper proof envelope can be replaced with another.

The CD-ROM can be attacked in the same way, by replacing the CD-ROM with a fake.

If the adversary has the opportunity to attack the authenticity of your evidence (and if the court is not completely corrupt), they can find a flaw in your technique and create reasonable doubt that the evidence is not authentic.

-1

I had a USB pen drive back in the days of old which was 32 Mbytes, USB1, and so physically big that it came with an extension cable just to reach the socket.

However it also had a small write-enable switch on the side of the pen drive. Assuming you could find something like that with a hardware switch, then write your file and use epoxy to (neatly) lock the switch in place. You could also use a soldering iron to melt the plastic.

That might be ugly, so a higher level would be to write your file and a separate MD5sum file, then open the pen drive and either short or bridge the switch so it's stuck in the Write Protect mode.

The workaround would be to undo your soldering, but any miscreant would have to know it is there.
