
How to analyze USB device history? [Windows]


Whether you are investigating an endpoint in your corporate environment or taking part in a criminal investigation, you need to examine the endpoint's USB device history. Knowing which USB devices were connected to the computer is essential information for a forensic examiner.

This feature is mostly provided by traditional desktop forensic solutions or purpose-built standalone tools, but with TACTICAL you get the full forensic snapshot + USB storage history in one fast and simple solution.

The steps are below:

1. Once you execute TACTICAL on your machine, the main user interface shows the evidence and artifact types that are already selected. These default selections are carefully chosen so that end users can get a forensic snapshot with less time and effort.


2. Click on the evidence types and you will notice that USB Storage History is already pre-selected. Click “OK” to start the evidence collection.


3. You will notice that the digital evidence acquisition is done in less than 10 minutes while processing 40 GB of data and 988 files.


4. Once the evidence collection process is complete, open the HTML Report. In the report menu, you will find a list of collected evidence types containing parsed data. Clicking on any of the evidence types will display a table of parsed data. You can easily search, filter, view details, and bookmark items in these lists.


Also, when you select USB Storage History in the report, you can see the inserted USB drives with extended information such as Serial, First Install, Last Arrival, and Last Removal.


And that is all. 

Using a traditional digital forensics approach, it would take hours to reach this kind of comprehensive collection and report, but with TACTICAL you can get a full forensic snapshot + USB device history in less than 10 minutes and with zero manual work.

Learn more about TACTICAL here.
