We're updating the issue view to help you get more done. 

Data from Removable Media

Description

Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration.

Adversaries may search connected removable media on computers they have compromised to find files of interest. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information. Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on removable media.

id

T1025

tactic

collection

datasources

Process command-line parameters
Process monitoring
File monitoring

maturity

Not Tracked

Assignee

Unassigned
Configure