Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Recommend Us
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: vacckev
New Today: 0
New Yesterday: 3
Overall: 26163

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 computer forensics or information security
 LinkedIn Forensic Toolset - Beta Testers
 duplicators which can image without removing hard drive
 SMART for Linux - copy mount point
 Stegnography

Computer Forensics World Forums


Pages Served
We received
28699675
page views since August 2004

Security Sources

Firewalls
Cryptography
ISO 17799 ISO 27001
ISO 17799 Toolkit
ISO 27001 & 27000
Disk Analysis
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Track USB activity
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Track USB activity

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> General Computer Forensic Issues
View previous topic :: View next topic  
Author Message
digitalcoroner
Newbie
Newbie


Joined: May 11, 2012
Posts: 3
PostPosted: Mon Jul 02, 2012 10:40 pm    Post subject: Track USB activity Reply with quote
I'm working on a case where I have to determine if the user uploaded or downloaded anything to a USB device. I've located all the entries out of the registry and logs that show that USB was connected (i've timestamp, pid, vid, serial number), however how do I determine if the user saved or uploaded anything to/from the device?

Thanks.
Back to top
View user's profile
jhup
Newbie
Newbie


Joined: Jun 27, 2012
Posts: 2
PostPosted: Tue Jul 10, 2012 7:27 am    Post subject: Reply with quote
Presuming Microsoft Windows because of your "registry" comment - have you looked at link files, recent folders, opensavemru, shellbag?
Back to top
View user's profile
ChrisParker
Newbie
Newbie


Joined: Jan 23, 2006
Posts: 10
PostPosted: Thu Aug 09, 2012 11:11 pm    Post subject: Reply with quote
Also check the Internet History. It might be the user opened files from the USB drive.

Keep in mind that if this person copied files using a command prompt, not many traces will be present, other then inserting the USB drive.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> General Computer Forensic Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem, sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops © 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. © 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.