±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36768
New Yesterday: 0 Visitors: 74

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

USB activity monitoring

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Agent47
Member
 

USB activity monitoring

Post Posted: Sep 27, 17 07:59

Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, ...) on USB copy or open.  
 
  

Bunnysniper
Senior Member
 

Re: USB activity monitoring

Post Posted: Sep 27, 17 08:42

- Agent47
Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, ...) on USB copy or open.


ShellBags! MFT! LNK! Memory Dumps! Hyberfil! Pagefile! So many options here....!  
 
  

Mreza
Senior Member
 

Re: USB activity monitoring

Post Posted: Sep 27, 17 13:07

- Agent47
Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, ...) on USB copy or open.


A few examples

cyberforensicator.com/...forensics/

youtu.be/HtQ6AxE_dT0  
 
  

AmNe5iA
Senior Member
 

Re: USB activity monitoring

Post Posted: Sep 28, 17 11:01

 
  

jaclaz
Senior Member
 

Re: USB activity monitoring

Post Posted: Sep 28, 17 12:48

- Agent47
Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, ...) on USB copy or open.


Just to clear your question (that has already been read and thus answered differently) are you asking about:
1) "monitor" PAST activity (i.e. interpreting logs and artifacts created by default and standard OS, which is what Bunnysniper and Mreza referenced)
2) "monitor" CURRENT activity (i.e. recording what goes through the USB bus which is what AmNe5iA referenced)

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

cmontiel05
Newbie
 

Re: USB activity monitoring

Post Posted: Oct 30, 19 17:22

Hello Agent47,

Unsure if you've already found your solution but can tell you that W4 by Vound can provide you the information you're requesting.

W4 has a nice feature called "Links". For example, you can see your document and all of the other artifacts linked to it such as: usb drives, user accounts, etc.

Thanks

CM  
 

Page 1 of 1