ValiDrive performs a fast, randomized spot-check across the entire declared capacity of a USB drive. At each location, it verifies the successful storage and retrieval of random, unspoofable test data.
While scanning your USB drive, ValiDrive also records the time required for each random read and write operation. Once the scan is complete, it analyzes and summarizes the drive's access-time statistics in a detailed final report.
The drive maps shown below are typical of the counterfeit USB drives flooding the market. In this example, a drive was sold as having two terabytes (2 TB) of capacity but actually contains only 62 gigabytes (62 GB) of real flash storage:
How much of the storage of a drive does ValiDrive test?
ValiDrive's drive map contains 32 x 16 squares. So it tests 576 evenly-spaced 4k byte regions of any drive for a total of 2,359,296 bytes, or about 2.36 megabytes. If a drive contains internal RAM caching, ValiDrive will detect that and may increase its testing region size, as necessary, to bypass such caching; but this is not commonly encountered.
How reliable is ValiDrive at detecting fake USB drives?
ValiDrive excels at quickly spotting drives that overstate their capacity by sampling about 576 spots across the drive. It often catches devices that appear fine initially but silently discard data beyond a certain point.
Why does ValiDrive sometimes run very slowly on certain drives?
Because it switches between random read and write operations in 4 KB chunks, it can trigger internal voltage cycling in NAND-based devices. On some drives – especially slower ones – this leads to noticeably longer test times.
How are fake USB drives a big problem?
At first this might seem like a minor annoyance: You purchase a 1 or 2 terabyte drive at a bargain price and you receive a 64GB drive instead. But that's NOT what happens here!
The drive appears to be the 1 or 2 terabyte drive you purchased. You plug it into your computer and everything looks fine. You can even copy files to the drive; as many as you want. And when you look at the drive's contents the files are there. But what's insidious is that the files' contents may have never been stored.
These fraudulent drives contain just enough storage – typically 64GB – to convincingly hold the file system's directory listing. But once its first 64GB of storage space has been filled, the contents of any additional files will not actually be stored. Their names, dates and sizes will be stored in the directory at the front of the drive. Everything will appear to be fine. But the files' contents will be blank because they were "stored" where no storage exists.
Operating systems do not verify that the data they write was actually written. They rely upon the honesty of storage devices to report errors. If a write error occurs, then the operating system will rewrite the data elsewhere. But these deliberately fraudulent drives never report any problems – they just silently discard any data written where there's no storage.
What's New
- Allow false-positive CFA warning to be bypassed. ValiDrive's very low-level access to the system's physical drives would be dangerous if malware was allowed to do it. So Windows' Controlled Folder Access (CFA) is sometimes enabled to prevent this potential danger. Unfortunately, Windows doesn't give an application any warning when it's about to transgress – the application is summarily terminated. ValiDrive tries to detect and warn its users when CFA might be enabled, but this can sometimes be triggered when CFA is not enabled. The initial release of ValiDrive did not allow this possible false positive detection to be bypassed, but v1.0.1 does.
