USB

From ForensicsWiki
Revision as of 10:33, 1 June 2008 by .FUF (Talk | contribs)


USB is an acronym for Universal Serial Bus, a method for attaching a wide variety of devices to a host system. USB supports hot-swapping of devices and network-like communication that lets additional ports be added to a system through internal or external hubs, often removing the need to physically open the host system to add more device capacity.

History of Past Devices

Main article: USB History Viewing

Microsoft Windows operating systems are known to record information about each USB device when it is connected. An examiner can use such information to show, for example, that a person had possession of a USB device, that a device was used on a machine, or that data exfiltration was conducted.

USB Monitoring Tools

Windows
Linux
  • Enable CONFIG_USB_STORAGE_DEBUG and monitor syslog.
  • usbmon
  • Turn on usbfs_snoop and monitor syslog and the kernel ring buffer.
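
As an added example (not part of the original wiki page), the following Python totals completed transfer sizes per device from usbmon text output, which shows how much data moved to or from each device. It assumes the "1u" text format described in the kernel's usbmon documentation; the function names are hypothetical and the sample lines are constructed, not a real capture.

```python
import re
from collections import defaultdict

# Constructed sample in usbmon "1u" text format (e.g. as read from
# /sys/kernel/debug/usb/usbmon/0u); this is not a real capture.
SAMPLE = """\
ffff8801 1000000 S Ci:1:004:0 s 80 06 0100 0000 0012 18 <
ffff8801 1000150 C Ci:1:004:0 0 18 = 12010002 00000040
ffff8802 2000000 S Bo:1:004:2 -115 31 = 55534243
ffff8802 2000090 C Bo:1:004:2 0 31 >
ffff8803 2000100 S Bo:1:004:2 -115 4096 = 00000000
ffff8803 2000900 C Bo:1:004:2 0 4096 >
ffff8804 2001000 S Bi:1:004:1 -115 13 <
ffff8804 2001100 C Bi:1:004:1 0 13 = 55534253
ffff8805 3000000 C Ii:1:002:1 0:8 8 = 00000400 00000000
"""

XFER = {"C": "control", "B": "bulk", "I": "interrupt"}
ADDRESS = re.compile(r"([CBIZ])([io]):(\d+):(\d+):(\d+)$")
STATUS = re.compile(r"-?\d+(:-?\d+)*$")  # e.g. "0", "-115", "0:8"

def parse_line(line):
    """Parse one usbmon event; return None if malformed or isochronous."""
    f = line.split()
    if len(f) < 6 or f[2] not in ("S", "C", "E"):
        return None
    m = ADDRESS.match(f[3])
    if not m or m.group(1) == "Z":  # isochronous lines carry extra fields
        return None
    # Word 4 is a numeric URB status, or a setup tag followed by five
    # setup words; the data length comes right after either form.
    idx = 5 if STATUS.match(f[4]) else 10
    if len(f) <= idx or not f[idx].isdigit():
        return None
    return {"event": f[2], "xfer": XFER[m.group(1)],
            "dir": "in" if m.group(2) == "i" else "out",
            "bus": int(m.group(3)), "dev": int(m.group(4)),
            "ep": int(m.group(5)), "length": int(f[idx])}

def summarize(text):
    """Sum bytes of completed ('C') URBs per (bus, device, type, direction)."""
    totals = defaultdict(int)
    for line in text.splitlines():
        ev = parse_line(line)
        if ev and ev["event"] == "C":
            totals[(ev["bus"], ev["dev"], ev["xfer"], ev["dir"])] += ev["length"]
    return dict(totals)

if __name__ == "__main__":
    for (bus, dev, xfer, direction), n in sorted(summarize(SAMPLE).items()):
        print(f"bus {bus} dev {dev:03d} {xfer:9s} {direction:3s} {n} bytes")
```

Bulk "out" totals are bytes sent from the host to the device, which is the direction of interest when examining whether data was written to removable storage.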