Countering the USBKill Switch

The USBKill switch is software that was created to respond to a computer system falling into the hands of law enforcement, bullies, or individuals who might steal it while its owner is working in a public place. It is well known as an anti-forensics kill switch that can be configured to power off a system, but it can also take other actions, such as deleting files from the system.

This research is an attempt to counter the USBKill switch by explaining how it works, what artifacts can be found, and how investigators and incident responders can deal with systems that are configured to use it.