The safest option is obvious, don’t try to access its contents, but if you absolutely had to, what steps would you take to minimize/contain any potential harm to your device/network?
Linux live USB, plug the drive into a sacrificial hub that can eat a bus kill if needed
A what that can eat a what?
Boot a PC with no hard drives with a live CD so there is no storage to write to. connect the drive and see what there is.
Hard drives (SSDs, etc) are not the only durable storage that can be written to
I would play it safe and test it on my work PC in case there’s anything that can cause trouble.
You can use https://tails.net/ booting from another flash drive in memory only.
Rpi, fresh Linux, offline.
To do it right, use a write blocker and clone it. Then lock the original away and have fun with the copy.
Throw it into the fires that forged it
AFAIK computers with normal setups won’t auto-run anything on a flash drive you insert. At most they’ll prompt you to ask if you want to run something. (Say no.)
So, it’s pretty safe to look at what files exist on the flash drive. Then you just have all the various exploits that exist with unknown files. Obviously, don’t run any executables on the drive. Don’t double-click on anything that looks like it’s a document (say PDF or word doc) because it might not be. To be extra safe, even if it is actually a PDF or word document, don’t open in the standard program (word or acrobat) because there’s a slight chance it might be an actual PDF that exploits an unpatched vulnerability in that program.
If I work in Iran’s nuclear program, and found this flash drive on the ground outside, I’d be a lot more cautious and maybe do some of these extremely paranoid things people here are suggesting. But, if Aunt Jenny was just over for a visit and I found a flash drive in the hallway near her room and want to check to see if it might be hers, it’s probably safe just to insert the drive take a quick look and not click on anything.
It doesn’t have to be a drive though. A random USB stick could actually be a virtual keyboard in disguise, ready to execute a scripted payload by simply injecting all the keystrokes as if it’s any other ordinary keyboard.
deleted by creator
Hit it with a hammer
Take it to the library and plug it into one of their computers.
Please don’t do this. People working at libraries aren’t paid enough to deal with that bullshit.
We pxe boot into a custom live diskless distro that reboots after use. The network these live in is hardened.
Don’t enable usb on public computers you are not prepared to protect
I don’t. I don’t work for a library, but judging from my local library branch, they don’t have the funding to retain competent IT staff. This isn’t about what they could or should do. It’s about not being an asshole to people that are already barely hanging on with what they have.
Am librarian. It’s ok. Nothing is going to sneak out into the wild from that USB. People plug USBs into our computers every day that are probably way worse than anything you pick up on the street.
