Along with disabling autoplay/autorun, you may want to consider turning off the automount functionality of Windows systems requiring high security and is a decent secondary protection on a forensics workstation (you are using a hardware write blocker as well….right? :-)).
To disable automount (this has been tested under Windows 7) either:
- run diskpart and once at the prompt type: automount disable
- or, execute: mountvol /N
- or, set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MountMgr\NoAutoMount to 1 in the registry (you’ll see this entry change appropriately if you use one of the previously mentioned commands).
NOTE: the commands mentioned above will need you to “Run as an Administrator” in Windows 7.
In Windows 8.1, the registry key location is as follows:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr\NoAutoMount
Thanks Todd!