<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3026858&amp;fmt=gif">

1 min read

How to analyze USB device history? [Windows]

Featured Image

Whether you are investigating an endpoint in your corporate environment or you are part of a criminal investigation, you need to investigate the USB device history of an endpoint.  Knowing what USB devices were connected to the computer is the essential information and of great importance to a forensic examiner.

This feature is mostly provided by traditional desktop forensic solutions or specifically designed standalone solutions but with TACTICAL, you get the full forensic snapshot + USB storage history with one fast and simple solution.

Below you can find steps:

  1. Once you execute TACTICAL on your machine on the main user interface you will see already selected evidence and artifact types.  These by default selected evidence and artifacts are carefully chosen, so end users can get a forensic snapshot in less time and effort.  

analyze USB device history

2. Click on the evidence types and you will notice that USB Storage History is already pre-selected. Click on “OK” and let’s start the evidence collection.

list of digital evidence

3. You will notice that the digital evidence acquisition is done in less than 10 minutes while processing 40 GB of data and 988 files.

CleanShot 2021-12-27 at 11.50.11

4. Once the evidence collection process is complete, open the HTML Report. In the report menu, you will find a list of collected evidence types containing parsed data. Clicking on any of the evidence types will display a table of parsed data. You can easily search, filter, view details, and bookmark items in these lists.

 

digital evidence collection report

Also when you select the USB Storage History from a report you can easily see inserted USB drives with their extended information like Serial, First Install, Last Arrival, and Last Removal.

forensic report

And that is all. 

Using a traditional digital forensics approach it would take hours to reach this kind of comprehensive collection and report but with TACTICAL you can get a full forensic snapshot + USB device history in less than 10 minutes and with zero manual work. 

Learn more about TACTICAL here.

Binalyze December 2021 Product Updates

Welcome to our monthly product updates roundup! Here’s a rundown of the new features and solutions we released in the past month that you can now...

Read More

Incident response trends 2021

There is no surprise in stating that in 2021 ransomware was the most dominant threat and so far it shows no sign of slowing down in 2022. Across...

Read More

How to analyze USB device history? [Windows]

Whether you are investigating an endpoint in your corporate environment or you are part of a criminal investigation, you need to investigate the...

Read More