February 2008 R. Scott Clark
A flash drive is a small external USB storage device that reads and writes to flash memory, a solid-state storage medium that’s both inexpensive and durable. Given that your typical flash drive is the size of an adult’s thumb, it’s not uncommon to hear of these ubiquitous devices as “thumb drives”.
It should be noted that while newer Solid State Drives (SSDs) share the flash memory medium with USB thumb drives and sometimes come equipped with a USB interface, many prefer to keep the two terms distinct from one another due to the large differences in physical size, speed, and price.
There are many types of flash drives available to suit all different kinds of use, but to keep things simple we’ll break things down into five different categories – generic, high performance, ultra durable, secure, and novelty. Keep in mind that these categories are not all mutually exclusive. For example, a secure flash drive with hardware encryption may also be durable enough to withstand the crushing forces of a Honda Accord.
What we like to think of as generic flash drives are the most common type sold, build for economy and raw capacity but not necessarily speed, and almost always encased in plastic. With the exception of a few manufacturers, just about any flash drive with a product name that doesn’t have a Mountain Dew-inspired suffix like Express, GT, GTR, Ultimate, or Ultra will typically fall into this category. Likewise, any product that has such a suffix or is labeled as a high-end model would fall into our high performance category and will employ higher-binned flash memory chips, USB 3.0 and/or better memory controllers to increase transfer speeds.
Ultra durable flash drives can be either fast or slow, but are by far the most fun to review because we get to beat the crap out of them, all in the name of journalism! These can be encased either in rubber to protect against impacts (as shown in the video), and they may or may not have a watertight seal for the USB cap. Depending on the design, manufacturer’s claims, and your definition of common sense, these babies can withstand drops/throws from the top of a building to a concrete surface below, are more likely to survive several rounds in the washer and dryer (if allowed ample time to dry before use), laugh at the notion of being baked in an oven, and love to be submerged at the bottom of a diving pool. Better still, some can deflect bullets up to a .50 caliber, or withstand the almighty crushing forces of Honda automobiles.
Secure flash drives are ones that provide hardware encryption for ensuring the confidentiality and integrity of the stored data. These drives employ an onboard co-processor to handle the encryption algorithms, thus allowing the drive to maintain moderate read and write speeds compared to generic drives used with software encryption utilities. A secure flash drive’s authentication method of choice can vary from a simple username and password logon to more secure biometric fingerprint scanners and funky combination locks.
Other secure flash drive features may include self-destruct sequences, tamper-evident designs, and centralized remote management. The U.S. National Institute of Standards and Technology (NIST) has published a document outlining cryptographic security levels in FIPS 140-2 (warning: pdf), and many drive manufacturers that wish to do business with large corporations or government entities will certify their drives against these standards. At the time of this writing, the highest rating achieved by a flash drive is FIPS 140-2 level 3.
Be sure to check the manufacturer’s website for the method of encryption used; we recommend seeking drives with at least 128-bit AES encryption. Also be sure to register your flash drive with the manufacturer in case the drive’s security is defeated and requires a recall or software update. In early 2010, Kingston, SanDisk, and Verbatim all had to recently face the music when their FIPS 140-2 Level 2 drives were cracked by a German security firm.
Novelty flash drives, last but not least, include any drive that stands out from the rest of the crowd either through the design or the inclusion of bundled features. A few conservative examples would be insanely small and key-shaped drives, split-drive, funky drive covered with Swarovski, beer drives, Mini Cooper, Darth Vader-lookalike flash drive, or a pair of sticks disguised as Swiss Army knife.
Whereas most portable hard drives employ magnetic hard disks with moving parts that can easily break, flash drives are much more durable thanks to their solid state nature, having been known to survive drops of 6′ or more on a routine basis and can even survive a load or three in the laundry. A flash drive is also much easier to pocket than a portable hard drive and can attached to a lanyard or keychain, plus they can be significantly less expensive if only a basic model is needed.
Quite simply put, shoppers primarily concerned with storage capacity should stick to portable hard drives for the cheaper cost per GB, while anyone looking to simply move a few office documents, MP3s or handful of movies around from place to place is going to be better served by the portability and durability that is a USB flash drive.
This mostly depends on when the drive was released and what memory was being used from which manufacturer, but currently the fastest USB 2.0 flash drives on the market are able to reach read and write speeds of up to 34 and 28MB/s respectively. Typically the manufacturer-listed flash drive speeds only apply to transfers of large contiguous files, whereas smaller files less than 1MB in size can dramatically slow down transfer rates due to the overhead for each file. Actual speeds are also largely dependent on the USB controller of your motherboard and how many USB devices are simultaneously plugged in.
Older high performance drives up to 16GB in size often use what’s known as Single-Level Cell (SLC) memory instead of the more-common Multi-Level Cell (MLC) memory, thereby boosting write speeds for smaller files while simultaneously boosting a flash drive’s endurance level. SLC memory is more expensive to implement however and offers less storage capacity for the die area, and over time has lost significant interest from semiconductor fabs like Samsung as consumer demand for larger flash drives increases. To make up for the loss of SLC memory, flash drive manufacturers have implemented a number of tricks including the use of quad-channel dual controllers and to a lesser extent custom drivers.
This largely depends on your intended use for the drive. Most thumb drives come pre-formatted as FAT32 for cross-platform compatibility with Windows, Mac, and Linux compatibility. Unfortunately this formatting scheme limits the size of any given file to 4GB, so you’ll find that some high definition videos, databases, or secure file vaults won’t fit with this formatting type unless they’re first placed into a multi-volume archive with a utility such as WinRAR or 7-zip.
If you want to avoid this 4GB limit, we recommend reformatting the flash drive to NTFS, which allows for larger file sizes and also offers much improved reliability. NTFS is natively supported by all versions of Windows since NT / 2000, and is also available on Mac and Linux thanks to the NTFS-3G project. Most Linux distributions made within the last year already have NTFS-3G installed and ready to go; Mac users already have Read-Only support built into the operating system but will need to install either the free Catacombae driver or the commercial Tuxera NTFS for Mac driver if write support is needed. Unfortunately, NTFS is not yet supported by many embedded devices such as televisions or media players due to the fact that NTFS is a proprietary system owned by Microsoft and requires licensing.
Another recent development is the exFAT file system, a format that’s optimized for flash drives and currently available on all Windows operating systems since Vista SP1. Windows XP / 2003 users can add experimental support for exFAT by installing KB955704. exFAT improves on the limitations of FAT32 and removes the dreaded 4GB file size limit without the added overhead of NTFS, however we are hesitant to recommend it because at this time it cannot be used with Mac or Linux, and again is incompatible with most embedded devices.
While the best security (and speed) often comes from hardware-secured flash drives with their built-in cryptologic co-processors, anyone can secure their regular flash drive through the use of a free open source program called TrueCrypt. TrueCrypt offers a large array of encryption algorithms to choose from including 256-bit AES, Serpent and TwoFish, or any combination of all three, and is available for Windows, Mac and Linux operating systems.
If TrueCrypt is installed on the host machines you plan on using the flash drive with, it’s possible to put a single large file on the flash drive that houses all your encrypted data. This file has built-in plausible deniability – you can’t tell it’s a TrueCrypt file until its mounted, and if required to divulge the password, you can provide a second password that unlocks a different portion of the encrypted volume that’s filled with “safe” data like a fake journal, and there’s no way for anyone to tell that this isn’t what you’re really protecting.
TrueCrypt can also be ran in “portable mode” with the binaries for encryption and decryption kept on the flash drive itself, although this would give away the fact that you’re housing a TrueCrypt volume on the flash drive. The caveat to this is that you’ll need administrator privileges for any computer you plan on using to access the TrueCrypt volume.
An alternative to TrueCrypt is Microsoft’s BitLocker To Go, a full-disk flash drive encryption technology that’s limited to Windows 7 Enterprise and Ultimate editions and Windows Server 2008 R2. Unlike TrueCrypt, BitLocker To Go doesn’t require administrative rights to install or use, and if your workplace likes to stay on the bleeding edge of tech, it may already be widely accessible to you. BitLocker uses AES 128/256-bit encryption.
Unlike TrueCrypt, BitLocker does not have plausible deniability, and Microsoft actively aids law enforcement with recovery in certain scenarios. In a nutshell, don’t leave your computer running because the encryption keys are stored in RAM and can be accessed using forensic software. This is a vulnerability shared by many drive encryption programs and should not be viewed as actually cracking BitLocker. In an enterprise environment, if the volume recovery keys are stored in Active Directory and the system administrator has loose lips or gets handed a subpoena by the authorities, you’re boned. Cryptome hosts a copy of Microsoft’s BitLocker lawful spying guide on their website if you’re interested; search for “win7-bit-spy”.
Remember, there’s no way to keep your data 100% secure if the computer you’re using has been compromised, so be cautious of accessing your private data at public computers like those in a PC cafe. Also, Randall Munroe over at xkcd raises a very valid point in that the weakest link in security is always the human factor.
Flash drives left unattended in a parking lot may be a part of a sophisticated social engineering attack. These drives may be seeded with a trojan horse set to automatically run as soon as the drive is inserted and quietly steal your personal or company information in the background. Proof of concepts exist with the USB Switchblade and USB Hacksaw projects, and similar methods have also been used in penetration tests against a credit union and in an actual attack against the U.S. Pentagon!
If you do happen to encounter a stray flash drive and have the unrelenting itch to use it, first, make sure you’ve disabled autorun on your computer. Next, access the drive from within a sandboxed environment such as VMware or the freeware VirtualBox, and make sure that if it’s a U3 drive, the virtual CD ROM partition isn’t compromised. If it is, you’re better off simply destroying the drive. Next, check the data partition for viruses. If you suspect there might be any, you’ll want to format the drive. Congratulations on your newly found (and unpaid for) flash drive!
Keep in mind that not all misplaced flash drives are out to get you. Some might actually be lost and sought after by their owners. Others could be part of an elaborate marketing promotion as was the case with Nine Inch Nails’ Year Zero alternate reality game, ultimately leading to free private concerts. Always use your best judgment and caution.
Stop whatever it is you’re doing, don’t write anything to the flash drive, and Recuva that file for free!! From the makers of CCleaner, Piriform’s Recuva is a donationware utility that’s able to rescue data on hard drives and flash drives formatted as FAT, exFAT, and NTFS.
Having personally tested this app on an 8GB flash drive formatted as NTFS, we were happy to see it successfully recover not only files that were recently deleted in Windows Explorer, but also files that were lost after a complete reformat through the deep scan functionality. Unfortunately, the files lost to reformatting were without their original file names, though the actual data was 100% intact. Be warned however that the program is not likely to restore data that’s fragmented and doesn’t reside in the drive’s MFT, or data that’s been overwritten over by new data.
Though typically installed on a fixed hard disk in case of future disaster, Piriform also offers the program in a U3 or generic portable version that can be installed to and ran from a flash drive.
Yes! A bootable flash drive can be the ultimate tool for recovering a downed computer, or perhaps your easiest means of upgrading a netbook’s operating system without a CD-ROM drive. Because there’s so many potential uses and ways to make a flash drive bootable, unfortunately we won’t be able to go in depth for the purposes of this FAQ. To get you started in the right direction, however, here’s a handful of scenarios and their associated walkthroughs that we feel are well-written and easy to follow.
ReadyBoost is an advanced disk caching technique tied into Windows Superfetch for Windows Vista and Windows 7. It can dramatically speed up the performance of computers with little RAM, especially those with 1GB or less. Because flash memory is able to handle random non-sequential reads faster than a conventional hard drive would, it’s better suited for caching small bits of data while larger chunks are still left to the hard drive’s faster throughput.
ReadyBoost can be activated on any flash drive greater than 256MB in size, provided that the USB flash drive can manage at least 2.5MB/s for random 4kB reads and at least 1.75MB/s for random 512kB writes. Nearly all high performance flash drives meet this requirement, and some are even labeled to show they’re enhanced for ReadyBoost. On Vista, up to 4GB can be used for ReadyBoost caching, whereas on Windows 7 there is no limit. Any cached files written to the flash drive are both compressed and encrypted with 128-bit AES.
An alternative to ReadyBoost that’s similar in concept is the third-party eBoostr utility, whose main draw is that it works with Windows XP and Windows 2000 whereas ReadyBoost doesn’t.
The reason we don’t particularly care for ReadyBoost and company is because flash drives have a limited number of write cycles and wear down over time; these utilities only make the process go that much quicker. Also, ReadyBoost’s performance pales in comparison to the simple alternative of buying more RAM. And why not? RAM is incredibly cheap nowadays and super easy to install. Seriously… if there’s one component that’s always been user upgradeable in any locked down Dell, HP or Gateway system, it’s been the memory. If you’re still too scared to open the case, have your cat do it.