Difference between revisions of "USB"

From Forensics Wiki
(Added History of Past Devices)
m
 
(One intermediate revision by one user not shown)
Line 6: Line 6:
 
{{main|USB History Viewing}}
 
{{main|USB History Viewing}}
 
Microsoft [[Windows]] operating systems are known to record information about each USB device when it is connected. Such information can be used by an examiner to show that a person had possession of a USB device, a device was used on a machine, or that data exfiltration was conducted, for example.
 
Microsoft [[Windows]] operating systems are known to record information about each USB device when it is connected. Such information can be used by an examiner to show that a person had possession of a USB device, a device was used on a machine, or that data exfiltration was conducted, for example.
 +
 +
=USB Monitoring Tools=
 +
;Windows:
 +
* [[usbsnoop]]
 +
;Linux
 +
* enable CONFIG_USB_STORAGE_DEBUG and monitor syslog
 +
* [[usbmon]]
 +
* Turn on [[usbfs_snoop]] and monitor syslog and the kernel buffer ring.
  
 
[[Category:Hardware]]
 
[[Category:Hardware]]
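Review bot: the two definition-list terms in the added "USB Monitoring Tools" block are punctuated differently: `;Windows:` carries a trailing colon while `;Linux` does not. In wikitext a colon after a `;` term starts the definition part, so use the same form for both terms. The Linux bullets are also inconsistent with each other: the first starts lowercase ("enable CONFIG_USB_STORAGE_DEBUG ...") while the third starts with a capital and is the only one ending in a period; one sentence style across all three would read better.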

Latest revision as of 09:33, 1 June 2008


USB is an acronym for the Universal Serial Bus, a method for attaching a wide variety of devices to a host system. USB provides for hot-swap of devices, and network-like communications that allow for additional ports to be added to a system by way of internal or external hubs, often mitigating the need to physically open a host system in order to add more device capacity.

History of Past Devices

Main article: USB History Viewing

Microsoft Windows operating systems are known to record information about each USB device when it is connected. Such information can be used by an examiner to show that a person had possession of a USB device, a device was used on a machine, or that data exfiltration was conducted, for example.

USB Monitoring Tools

Windows
  • usbsnoop
Linux
  • Enable CONFIG_USB_STORAGE_DEBUG and monitor syslog.
  • usbmon
  • Turn on usbfs_snoop and monitor syslog and the kernel buffer ring.
Retrieved from "http://www.forensicswiki.org/w/index.php?title=USB&oldid=7022"