MITRE ATT&CK / T1025
T1025
Data from Removable Media
Collection
Description
Adversaries may search connected removable media on computers they have compromised to find files of interest. Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information.Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on removable media.
Platforms
LinuxmacOSWindows
Mitigations
- M1057 — Data Loss Prevention
Look up any technique
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →