Details
-
Type:
Task
-
Status: To Do
-
Priority:
Medium
-
Resolution: Unresolved
-
Labels:None
-
datasources:Process command-line parameters, Process monitoring, File monitoring
-
id:T1025
-
tactic:collection
-
maturity:Not Tracked
Description
Sensitive data can be collected from any removable media (optical disk drive, USB memory, etc.) connected to the compromised system prior to Exfiltration.
Adversaries may search connected removable media on computers they have compromised to find files of interest. Interactive command shells may be in use, and common functionality within [cmd](https://attack.mitre.org/software/S0106) may be used to gather information. Some adversaries may also use [Automated Collection](https://attack.mitre.org/techniques/T1119) on removable media.
