The significantly increased use of USB devices, driven by their user-friendliness and large storage capacities, poses various threats to many users and companies: their mobility makes data theft easier. Investigating such data theft requires gathering critical digital information from which forensic artifacts such as date, time, and device information can be recovered. This research gathers three sets of registry and log data: the first before insertion, the second during insertion, and the third after removal of a USB device. These sets are analyzed to gather evidentiary information from the Registry and the Windows Event Log that helps in tracking a USB device. This research extends prior research on earlier versions of Microsoft Windows and compares it with the latest Windows 10 system. A comparison of Windows 8 and Windows 10 does not show much difference except for a new subkey under the USB key in the registry. However, a comparison of Windows 7 with the latest version indicates significant variances.
USB Storage Device Forensics for Windows 10
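The three-snapshot comparison described in the abstract (before insertion, during insertion, after removal) can be sketched as a diff over registry exports. This is an added example, not the paper's own tooling; the snapshot text is constructed, and it assumes exports already decoded to text with each value on a single line.

```python
import re

# Constructed snapshots in .reg export syntax (not real evidence). USBSTOR and
# MountedDevices are real Windows key paths; the device name, serial, data and
# the "ConstructedTransient" key are made up for this demonstration.
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\DosDevices\\C:"=hex:01
"""
INSERTED = r"""
"\\DosDevices\\E:"=hex:02
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_EXAMPLE&Prod_DRIVE\SERIAL0001&0]
"FriendlyName"="EXAMPLE DRIVE USB Device"
"""
TRANSIENT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ConstructedTransient]
"State"="attached"
"""
DURING = BEFORE + INSERTED + TRANSIENT   # snapshot while the device is attached
AFTER = BEFORE + INSERTED                # snapshot after the device is removed

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def compare(before, during, after):
    """Classify what insertion created and whether it survives removal."""
    b, d, a = (parse_reg(t) for t in (before, during, after))
    added = set(d) - set(b)
    # Value names that appeared under keys which already existed before insertion.
    new_values = {k: sorted(set(d[k]) - set(b[k])) for k in set(b) & set(d)}
    return {
        "persistent_keys": sorted(k for k in added if k in a),
        "transient_keys": sorted(added - set(a)),
        "new_values": {k: v for k, v in new_values.items() if v},
    }

if __name__ == "__main__":
    for label, found in compare(BEFORE, DURING, AFTER).items():
        print(label, found)
```

Keys reported as persistent are the ones an examiner can still recover once the device is gone; transient keys are visible only in the during-insertion snapshot.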