How to be 100% certain a USB drive has not been tampered with and has no malware? [duplicate]

Say you find a USB drive on the street and you want to be 100% sure it hasn't been tampered with, neither via software nor by modifying its hardware (adding or modifying components, etc.), so that there is zero risk of malware.

Is fully formatting it enough to be 100% certain no malware remains? If so, is fully formatting it with the standard slow process from within Disk Utility in Tails 3.2 enough to do so?

Assume the highest possible technical ability from the attacker. Not just reasonable or plausible scenarios.


There is no way to be 100% sure the USB is safe, and that it will not harbour malware even if wiped. (If I were that way inclined, and had the knowledge, a small chip with malware, not active, with a decent size stick with random crap - after X number of power cycles, switch chip).

You should be very wary of plugging any USB key of unknown origin into your system as USB killers are a thing, and will kill your USB port, and possibly system - to get round this you might be able to use a sacrificial USB hub.

Unfortunately most USB sticks are cheap and easy to open - someone with some skill could easily replace the insides of one with no externally visible indications.


You assume that it is tainted.

You cannot be betrayed if there never was any trust to be betrayed.

And you will not suffer harm if you assume that harm is what will happen and prepare to meet it.

Remove hard-drives, disconnect from the network, use a bootable drive

If you are hellbent on examining this USB drive and want to avoid malware, you can do so by taking a computer, removing all its hard-drives, unplugging it from all networks (including WiFi) and then booting it up using a bootable USB drive. Now you have a computer that cannot be tainted and that cannot spread the contents of the found USB drive.

By now you can mount the found USB drive and examine its contents. Even if it is tainted, the only thing the malware reaches is an "empty" computer with an OS that you do not care if it gets infected anyway.

Determine your level of paranoia

Do note that even this is not entirely "safe". Assume that this is The Perfect Malware™.

  • If you boot from writable media (USB stick, writable CD/DVD), then this may become tainted too if it is writable and remains in the computer as you insert the tainted USB drive.

  • Practically all peripherals have some kind of firmware that can be updated. Malware can choose to nest there.

  • You could end up with a corrupted BIOS that compromises the hardware for good even after you have removed the tainted drive and powered down.

So unless you are prepared to throw away all the hardware afterwards, you need to determine how badly you want to examine this found USB stick and what price you are willing to pay to 1) stay safe and 2) take the consequences if things turn out bad.

Adjust your paranoia to reasonable levels according to what risks you are willing to take.
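
The conditions the answer above lists (no internal disks, no network link, a boot medium that cannot be written) can be checked on the examination host before the found drive is plugged in. This is an added example, not part of the original answer: it assumes a Linux live system exposing sysfs, the names `preflight` and `boot_dev` are hypothetical, and it reports nothing about firmware or BIOS state.

```python
"""Preflight check for an isolated USB-examination host (Linux sysfs layout)."""
import os
import sys


def _read(path, default="0"):
    # Missing files and read errors (e.g. carrier on a downed interface) give the default.
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return default


def preflight(sys_root="/sys", boot_dev=None):
    """Return a list of findings; an empty list means the host matches the setup."""
    block = os.path.join(sys_root, "block")
    if not os.path.isdir(block):
        return [f"{block} not found; cannot verify this host"]
    findings = []
    for dev in sorted(os.listdir(block)):
        if dev.startswith(("loop", "ram", "zram", "dm-")):
            continue  # virtual devices, not physical storage
        # "removable" and "ro" are the kernel's per-device flags in sysfs.
        removable = _read(os.path.join(block, dev, "removable")) == "1"
        read_only = _read(os.path.join(block, dev, "ro")) == "1"
        if dev == boot_dev:
            if not read_only:
                findings.append(f"boot medium {dev} is writable")
        elif not removable:
            findings.append(f"fixed disk {dev} is still attached")
    net = os.path.join(sys_root, "class", "net")
    for iface in sorted(os.listdir(net)) if os.path.isdir(net) else []:
        if iface != "lo" and _read(os.path.join(net, iface, "carrier")) == "1":
            findings.append(f"network interface {iface} has a link")
    return findings


if __name__ == "__main__":
    # Usage: preflight.py <boot device name, e.g. sdb>  (the name is an assumption)
    issues = preflight(boot_dev=sys.argv[1] if len(sys.argv) > 1 else None)
    print("\n".join(f"FAIL: {i}" for i in issues) or "OK: host matches the setup")
```

Some USB-attached hard drives report `removable` as 0, so a flagged "fixed disk" should be identified by hand before it is dismissed.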


As far as a hardware hack goes, an absurdly advanced electrical specialist with a specific target could make a logic circuit that checks for you finishing running your cleaning software, then injects something into the host computer and the flash drive. They might even be able to make the drive look somewhat normal internally, to a casual observer. Just remember, theoretically nothing is secure. Security is all based on the effort people put into hacking you, and the effort you put into stopping them.