Skip to the main content.

1 min read

How to analyze USB device history? [Windows]

Featured Image

Whether you are investigating an endpoint in your corporate environment or you are part of a criminal investigation, you need to investigate the USB device history of an endpoint.  Knowing what USB devices were connected to the computer is the essential information and of great importance to a forensic examiner.

This feature is mostly provided by traditional desktop forensic solutions or specifically designed standalone solutions but with TACTICAL, you get the full forensic snapshot + USB storage history with one fast and simple solution.

Below you can find steps:

  1. Once you execute TACTICAL on your machine on the main user interface you will see already selected evidence and artifact types.  These by default selected evidence and artifacts are carefully chosen, so end users can get a forensic snapshot in less time and effort.  

analyze-usb-device-history

2. Click on the evidence types and you will notice that USB Storage History is already pre-selected. Click on “OK” and let’s start the evidence collection.

list-of-digital-evidences

3. You will notice that the digital evidence acquisition is done in less than 10 minutes while processing 40 GB of data and 988 files.

tactical-operation-completed

4. Once the evidence collection process is complete, open the HTML Report. In the report menu, you will find a list of collected evidence types containing parsed data. Clicking on any of the evidence types will display a table of parsed data. You can easily search, filter, view details, and bookmark items in these lists.

digital evidence collection report

Also when you select the USB Storage History from a report you can easily see inserted USB drives with their extended information like Serial, First Install, Last Arrival, and Last Removal.

forensic-report

And that is all. 

Using a traditional digital forensics approach it would take hours to reach this kind of comprehensive collection and report but with TACTICAL you can get a full forensic snapshot + USB device history in less than 10 minutes and with zero manual work. 

Learn more about TACTICAL here.

 

3 min read

Digital Forensics in the Cloud

Cloud computing has become an integral part of our business infrastructure.

We use cloud computing primarily for application development, providing...

Read More

2 min read

Credence and Binalyze see the power in partnerships

At Binalyze, we always look at the world from the viewpoint of our customers. How can we add more value, what are their pain points and how do we...

Read More