usbHistory - a forensic tool to extract usb history

Posted by nabiy March 18, 2008

usbHistory - a forensic tool to extract usb history

I have finally published a tool that i've been sitting on since early January. It is called usbHistory and is a command-line tool to extract trace evidence of USB activity from the windows registry. It gathers information such as the last time the thumb drive or mp3 player was connected to the machine as well as the last drive letter.

you can check out the article on my site here.

Comments

trebor said…

I am trying to use your tool for a post
morten forensics analisys
Is there a way to use this program with a registry file extracted from a
disk image?
With sleuthkit I extracted HLMK/system and I would like to give it as a input for your program

February 28, 2010 at 2:06 PM

nabiy said…

Hi Trebor, I have received quite a few requests for that feature and I am trying to implement it in my spare time, as well as the ability to read a registry live over the network. In the meantime, take a look at http://liveview.sourceforge.net/ it allows you to boot the image and you should be able to use the program as you would on a live system. - nabiy

March 2, 2010 at 11:31 AM

trebor said…

Thanks nabiy

March 3, 2010 at 12:29 AM

Search This Blog

UncommonCowboy.com

usbHistory - a forensic tool to extract usb history

Comments

Popular Posts

Streaming BDO to the Big Screen

Getting and Upgrading Your Weapon.. Yuria, Liverto etc