Top Ad unit 728 × 90

Latest News

random

Daily Blog #537: Forensic Lunch Test Kitchen 11/14/18

Hello Reader,
          The test kitchen has returned! Tonight we looked at the new USB artifacts described in yesterdays post http://www.hecfblog.com/2018/11/daily-blog-536-usb-30-external-storage.html and look to see how USB Detective handles the new driver.

Here is what we learned:
  • The DeviceContainers key is the place that glues together the disparate keys you need for a storage device to figure out its properties
  • The USB enum key has the same 83da property GUID for driver installs that provides the install, last insert and last removal dates that USBStor did. 
  • USB Detective properly detected the drives, found the serial numbers, dates of install and even the volume serial number with the assistance of the event logs!

Jason Hale is now going to update USB Detective to get the rest of the data and I'd be happy to provide the same test data to any other developer out there who would also like to update their tools.

You can watch the video here:
Daily Blog #537: Forensic Lunch Test Kitchen 11/14/18 Reviewed by David Cowen on November 14, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.