Purdue Researchers Develop Software That Stops Disk-Wipe Malware

DooKey

Purdue researchers have come up with a way to block disk-wipe malware from carrying out its dirty mission and they call it R2D2. R2D2 is short for Reactive Redundancy for Data Destruction Protection and it can analyze write buffers before they take action and then block destructive writes. All of this is done with minimal latency for batch tasks and up to an additional 20 percent latency for interactive tasks. Files on a whitelist are allowed to be written over and those on the blacklist are preserved. All in all this sounds like something that would work hand in hand with a good backup regimen. You can check out the pre-press version of the paper here.

The system has been tested against various secure delete tools and malware like Shamoon and Stonedrill, and they claim complete success against “all the wiper malware samples in the wild that we experimented with”.
 
What I really want is a way to switch off the garbage system on SSD.
 
It took researchers to figure this out? *blinks* Seriously? That was the obvious solution. Photos rarely get overwritten. Common db files rarely receive large changes. Programs like Word and Excel use well known programs with signatures. All file extensions have programs associated with them.
 
Then your SSD would never be able to free up space and would fill up pretty quickly.

In digital forensics, it is a bane because there is no hardware or software write blocker which can counter the garbage feature since it is on board the SSD itself. So the moment we plug it in and begin imaging the SSD, it is deleting potentially critical data.

On the other hand, this feature that can stop disk-wipe malware would be good if a suspect's computer had a disk wipe emergency feature in case they were caught.
 
I've got a secret that they'll really hate, read on for more...... ....... Right click, properties, click Read only box. :D
 