8

As the subject says, I want to see what's inside. I am seriously interested in finding the owner if possible and returning them, but I am worried it could be an attempt at social engineering. I own a MacBook Pro Intel with OS X v10.6 (Snow Leopard). It is a very important install.

What would you do in my situation if you want to see the content without risks? Any proposal is welcome.

I decided not to plug them in, and I brought them to the hotel reception. They will forward it to the police.

5 Answers

18

Disconnect from network. Boot from CD. Do not mount HDD.

Plug in USB drives, mount them and poke around.

10

Why look at the content? I can understand that you are curious, but the content of those drives is none of your business. If you lost a drive, would you want others to look at the content?

Leave some notes in the area where you found them or bring them to the lost property office if you have one.

innaM
  • 10,412
4

It could be full of nanites that are going to crawl into your computer and turn it into the master computer for the super-secret Tristan da Cunha nuclear program. :)

All kidding aside, with the possibility that it could have some form of malware, government secrets, terrorist documents, data used in identity theft, illegal pornography, or child pornography, your best bet is to turn it over to law enforcement in whatever jurisdiction you found it in with as much information about where you found it as possible. Leave it to them to figure out what to do with the USB stick.

Mike Chess
  • 6,973
1

Just open it! OS X doesn't have any form of AutoRun, and (unlike FireWire) USB does not allow Direct Memory Access attacks. So looking through the USB stick and not executing anything would be perfectly safe.

Synetech
  • 69,547
Phoshi
  • 23,483
1

If booting to a LiveCD is not an easy option, do you have any virtualization software? You could create a virtual machine and connect the device to that isolated machine. I've done that in the past using VMware Workstation. You could probably download an eval copy of VMware Workstation, which allows sharing of USB devices.

I would be careful that you know the USB device is going to be connected to the VM and not the host. I've done this enough in the past that I was comfortable knowing that the device would be connected to the VM and not my host machine.

To be safer, make sure the VM OS does not have any sensitive information or connectivity to sensitive information (i.e. network connectivity or other sharing with the host).

Edit: I've actually done this too. Turns out the drive contained the person's entire work portfolio. I was able to track down her contact information from the content on the device. She was so relieved when I returned the device to her. It was a very attractive drive too. I asked her if she knew where I could get one, but she got it as a gift in Korea, so she didn't know where I could find one. It was very similar to the Pico USB flash on ThinkGeek, except that the pins weren't exposed.
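
An added example, not taken from any of the answers above: one way to "poke around" a found stick without opening or executing anything is to inventory it by file name and type only. It assumes the volume is already mounted on the isolated live-CD or VM system the answers describe; the extension lists and the function names are this example's own assumptions, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Assumed, non-exhaustive list of types that launch code when double-clicked.
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".lnk", ".vbs", ".js",
             ".jar", ".ps1", ".app", ".command", ".pkg", ".dmg"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".txt", ".jpg", ".png"}

def classify(name, mode):
    """Return the reasons (possibly none) an entry deserves caution."""
    reasons = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if name.lower() == "autorun.inf":
        reasons.append("autorun file")
    if ext in RISKY_EXT:
        reasons.append("launchable type " + ext)
        if len(parts) > 2 and "." + parts[-2] in DOC_EXT:
            reasons.append("double extension")
    if stat.S_ISLNK(mode):
        reasons.append("symlink")
    return reasons

def inventory(root):
    """Walk root with lstat() only: nothing is opened, followed or run."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            reasons = classify(name, os.lstat(path).st_mode)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree standing in for a mounted stick."""
    os.makedirs(os.path.join(root, "photos"))
    for rel in ("autorun.inf", "resume.pdf", "invoice.pdf.exe", "photos/beach.jpg"):
        open(os.path.join(root, rel), "w").close()
    os.symlink("../outside", os.path.join(root, "notes.txt"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reasons in sorted(inventory(tmp).items()):
            print(rel, "->", ", ".join(reasons))
```

Point `inventory()` at the stick's mount point instead of the sample tree; entries it does not flag are still unverified, only less likely to run code when viewed.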