Module XXXIX – USB Forensics
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Taiwan on High Alert After Military Leak
Source: http://www.iol.co.za/
News: Boeing Worker’s Data Case Goes to Jury
Source: http://seattletimes.nwsource.com/
Module Objective
This module will familiarize you with:
• Universal Serial Bus (USB)
• USB Flash Drive
• Misuse of USB
• USB Forensics
• USB Forensic Investigation
• Forensic Tools
Module Flow
• Universal Serial Bus (USB)
• USB Flash Drive
• Misuse of USB
• USB Forensics
• USB Forensic Investigation
• Forensic Tools
Universal Serial Bus (USB)
USB is the serial bus standard for interfacing devices to a host computer
It allows many peripherals to be connected to a host computer through a single standardized interface socket
It is generally used to connect peripherals such as mice, keyboards, PDAs, gamepads and joysticks, scanners, digital cameras, printers, personal media players, and flash drives
USB Flash Drive
A USB flash drive is a portable, rewritable data storage device integrated with a USB interface
It is supported by modern operating systems such as Windows, Mac OS X, Linux, and other Unix-like systems
A typical USB 2.0 flash drive reads at up to about 30 MB/s and writes at about 15 MB/s
There are four main parts of a flash drive:
• Male type-A USB connector
• USB mass storage controller: a small microcontroller that presents the drive to the host as a USB mass storage device and manages reads and writes to the flash memory (the USB host controller sits on the computer's side of the bus, not in the drive)
• NAND flash memory chip
• Crystal oscillator: produces the device's main 12 MHz clock signal and controls the device's data output through a phase-locked loop
Screenshot: USB Flash Drive
Misuse of USB
Data theft:
• Critical company information can be copied out of the organization on a USB flash drive
Installing malicious programs:
• USB devices can be used to propagate and install malicious programs such as viruses, Trojans, spyware, and rootkits, which can damage information and other computer resources
USB Forensics
USB forensics is the technique of recovering and analyzing digital evidence from a USB flash drive and the affected computer in a forensically sound manner
It helps forensic investigators to:
• Find the date and time of the data theft
• Identify the person who installed the malicious program
• Collect the data stored on the USB drive
• Collect information about the data leaked from the computer
• Trace the criminals who committed the crime using the USB flash drive
USB Forensic Investigation
• Secure and evaluate the scene
• Document the scene
• Image the computer and USB device
• Acquire the data
• Examine the computer and analyze the USB drive
• Generate reports
Secure and Evaluate the Scene
Ensure that only authorized persons handle the scene
Handle USB evidence properly to preserve physical evidence such as fingerprints
Interview the owner of the USB drive and ask for any security code or password needed to access its contents
Do not allow suspects to handle the USB drive or the computer
Search the surrounding area and rooms other than the one where the device was found
Document the Scene and Devices
Document the state of each device and of any computer it is synchronized with
Record the location and condition of USB drives, computers, storage media, and other digital devices
Refer to non-electronic evidence such as invoices, manuals, and packaging material, which may provide information about the USB drive's capabilities and unlocking code
Document the date and time at which each item of evidence was collected
Photograph the crime scene, including the USB drive, cables, cradles, power connectors, and computer
Avoid touching the USB drive while photographing
Maintain a chain of custody
Image the Computer and USB Device
Prepare a bit-by-bit copy of the affected computer's drive (and, where possible, its memory and configuration) using a tool such as SafeBack
Create an image of the USB flash drive using a tool such as USB Image Tool 1.31, connecting the drive through a write blocker so that the acquisition itself changes nothing on the evidence
Use hashing techniques such as MD5 to check the integrity of the imaged data: hash the source and the image and confirm that they match; because MD5 collisions are practical, record a SHA-256 hash alongside it
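An added example of the integrity check described above, written in Python for this page; it is not code from EC-Council, SafeBack, or USB Image Tool. It hashes the source and the image in fixed-size chunks, computing MD5 and SHA-256 in a single pass, and reports a mismatch when even one byte of the image differs. The device contents and file names are constructed for the demonstration.

```python
"""Hash an acquired image and its source in chunks and confirm they agree.

Added example, not EC-Council's code and not the API of any imaging tool.
The sample "device" bytes below are constructed."""
import hashlib
import io
import os
import tempfile

CHUNK_SIZE = 1024 * 1024          # 1 MiB per read so multi-GB images never sit in memory
ALGORITHMS = ("md5", "sha256")    # MD5 for legacy reports; SHA-256 because MD5 collisions are practical


def hash_stream(fobj, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest}, all digests computed in one pass over fobj."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fobj.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    return hash_stream(io.BytesIO(data), algorithms)


def hash_path(path, algorithms=ALGORITHMS):
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def verify_image(source_path, image_path):
    """Compare source and image digests; verified only if every algorithm agrees."""
    source, image = hash_path(source_path), hash_path(image_path)
    ok = all(source[alg] == image[alg] for alg in source)
    return ok, {"source": source, "image": image, "verified": ok}


def demo():
    """Constructed sample: a FAT-like boot sector plus file data, acquired once
    correctly and once with a single flipped byte (a bad sector or a tampered copy)."""
    device = (b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 501 + b"\x55\xaa"
              + b"payroll_q3.xlsx leaked copy\n" * 40)
    tampered = bytearray(device)
    tampered[600] ^= 0x01
    with tempfile.TemporaryDirectory() as d:
        src, good, bad = (os.path.join(d, n) for n in ("device.raw", "image.dd", "image_bad.dd"))
        for path, data in ((src, device), (good, device), (bad, bytes(tampered))):
            with open(path, "wb") as f:
                f.write(data)
        good_ok, good_record = verify_image(src, good)
        bad_ok, _ = verify_image(src, bad)
    return good_ok, bad_ok, good_record
```

Record both digests of the source and of the image in the case notes: the source hash taken before acquisition is what later proves the image was not altered, and a second verification hash of the image at examination time closes the chain of custody.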
Acquire the Data
Collect all the data from the USB image and the computer's devices
You can use recovery tools such as these to recover deleted files:
• Bad Copy Pro
• Data Doctor Recovery
Work from the verified image rather than the original drive so that recovery does not alter the evidence
Check Open USB Ports
Option 1: Open Device Manager and check whether the USB mass storage devices are shown as enabled (open port) or disabled (closed port)
Option 2: In Registry Editor, locate and then click the following registry key:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
In the details pane, double-click Start
In the Value data box, 3 (demand start, the default) means the USB storage driver loads when a device is plugged in, so USB storage is enabled; 4 (disabled) means USB storage has been turned off
Examine Registry of Computer: USBSTOR
Footprints or artifacts are created in the registry when a USB device is connected to a Windows system
The Plug and Play (PnP) Manager queries the device descriptor in the device's firmware for information about the device
After identification, a key is created beneath the following key:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Subkeys beneath this key look like:
• Disk&Ven_###&Prod_###&Rev_###
Beneath each of these is a unique instance ID key named after the device's serial number; if the device reports no serial number, Windows generates an ID whose second character is an ampersand (&)
Examine Registry of Computer: DeviceClasses
Navigate to the following key:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
The device's iSerialNumber, reported in its USB device descriptor, is used as its unique instance identifier
It is similar to the MAC address of a network interface card: it identifies the physical device rather than the data on it, and, like a MAC address, it is set by firmware and can be altered, so treat it as corroborating rather than conclusive
The ParentIdPrefix value, stored under the USBSTOR instance ID key, can be used to correlate additional information from within the Registry
The LastWrite time of the subkey carrying the device's instance ID beneath the disk device interface class, {53f56307-b6bf-11d0-94f2-00a0c91efb8b}, indicates when the USB device was last connected to the Windows system
Examine Registry of Computer: MountedDevices
Path to the MountedDevices key is:
• HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
The MountedDevices key stores information about the devices and volumes that have been mounted on the system, keyed by drive letter (\DosDevices\E:) and by volume GUID (\??\Volume{...})
On Windows XP, use the ParentIdPrefix value found within the unique instance ID key to map the entry from USBSTOR to MountedDevices; on Windows Vista and later, the MountedDevices data names the USBSTOR device and its serial number directly
Generate Reports
Note the name of the investigator
List the evidence gathered
Document the evidence and other supporting items
List the tools used for the investigation
Describe the devices and set-up used in the examination
Give a brief description of the examination steps
Give details about the findings:
• Information about the USB data
• Computer-related evidence
• Data and image analysis
State the conclusion of the investigation
USB Forensic Tools: Bad Copy Pro
http://www.jufsoft.com/
Bad Copy Pro recovers deleted files, formatted drives, and data lost through damage, media errors, or bad sectors on a USB flash drive
It is a data recovery tool that performs only read operations on the USB flash drive and saves the recovered files elsewhere
Data Doctor Recovery
http://www.datadoctor.in/
Data Doctor Recovery supports major USB device manufacturers such as Super Flash, Kingston, Samsung, Transcend, Sony, and other recent series
The software is simple to use and provides a user-friendly interface
Features:
• Recovers lost files including jpg, jpeg, gif, bmp, mpeg, and other stored records
• Supports USB media including pen drives, Zip drives, SD cards, PC cards, flash memory, etc.
• Scans and copies data to a safe location according to the preloaded file structure
• Recovers data damaged by a virus attack
Data Doctor Recovery: Screenshot
USB Image Tool
http://www.alexpage.de/
USB Image Tool is freeware that can create images of USB memory sticks
Features of USB Image Tool:
• Creates image files of USB drives
• Restores images to USB drives
• Compressed image file format
• Shows USB device information
• Manages favorite USB images
USB Image Tool: Screenshot
USBDeview
http://www.nirsoft.net/
USBDeview is a small utility that lists all USB devices currently connected to your PC or connected to it in the past
Along with the device’s name and description, it displays the serial number, the dates the device was added and last connected, the VendorID, and other information
It can also gather the USB device list from a remote computer via the command line
USBDeview: Screenshot
Summary
USB is the serial bus standard for interfacing devices to a host computer
A USB flash drive is a portable, rewritable data storage device integrated with a USB interface
USB forensics is the technique of recovering and analyzing digital evidence from a USB flash drive and the affected computer under forensically sound conditions
Footprints or artifacts are created in the registry when a USB device is connected to a Windows system
USB CopyNotify is a software utility that notifies when a USB stick is being used on any of the PCs on the network
Mais conteúdo relacionado

Mais procurados

Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)abhimanyubhogwan
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling EverythingAnne Oikarinen
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetJuan F. Padilla
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityNemwos
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Malware analysis
Malware analysisMalware analysis
Malware analysisAnne ndolo
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printingleminhvuong
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 

Mais procurados (20)

Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINT
 
File000119
File000119File000119
File000119
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
 
Threat Modeling Everything
Threat Modeling EverythingThreat Modeling Everything
Threat Modeling Everything
 
MindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat SheetMindMap - Forensics Windows Registry Cheat Sheet
MindMap - Forensics Windows Registry Cheat Sheet
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
MALWARE
MALWAREMALWARE
MALWARE
 
Module 2 Foot Printing
Module 2   Foot PrintingModule 2   Foot Printing
Module 2 Foot Printing
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 

Destaque (20)

File000170
File000170File000170
File000170
 
File000117
File000117File000117
File000117
 
File000175
File000175File000175
File000175
 
File000155
File000155File000155
File000155
 
Investigating server logs
Investigating server logsInvestigating server logs
Investigating server logs
 
File000168
File000168File000168
File000168
 
File000165
File000165File000165
File000165
 
File000128
File000128File000128
File000128
 
File000164
File000164File000164
File000164
 
File000174
File000174File000174
File000174
 
File000121
File000121File000121
File000121
 
[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)
[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)
[Gerard blokdijk, claire_engle,_jackie_brewster]_i(book_see.org) (1)
 
File000166
File000166File000166
File000166
 
File000149
File000149File000149
File000149
 
File000163
File000163File000163
File000163
 
File000113
File000113File000113
File000113
 
File000148
File000148File000148
File000148
 
File000157
File000157File000157
File000157
 
File000171
File000171File000171
File000171
 
File000136
File000136File000136
File000136
 

Semelhante a File000152

Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data lossCe hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data lossVi Tính Hoàng Nam
 
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computersCe hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computersVi Tính Hoàng Nam
 
2. rats (trojans) (cyber awareness series)
2. rats (trojans) (cyber awareness series)2. rats (trojans) (cyber awareness series)
2. rats (trojans) (cyber awareness series)Isaac Feliciano
 
Intro to digital forensic imaging
Intro to digital forensic imagingIntro to digital forensic imaging
Intro to digital forensic imagingDetectalix
 
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devicesCe hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devicesVi Tính Hoàng Nam
 
Quarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptxQuarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptxKurtGardy
 
Power Point Lesson 03
Power Point  Lesson 03Power Point  Lesson 03
Power Point Lesson 03Nasir Jumani
 
basicitknowledge-101119022655-phpapp02.ppt
basicitknowledge-101119022655-phpapp02.pptbasicitknowledge-101119022655-phpapp02.ppt
basicitknowledge-101119022655-phpapp02.pptPawachMetharattanara
 
Basic IT knowledge
Basic IT knowledgeBasic IT knowledge
Basic IT knowledgeTechsailor
 
Quarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptxQuarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptxKurtGardy
 
Lesson 01 introduction to computer
Lesson 01   introduction to computerLesson 01   introduction to computer
Lesson 01 introduction to computerRodz Tech
 

Semelhante a File000152 (20)

File000129
File000129File000129
File000129
 
File000150
File000150File000150
File000150
 
File000173
File000173File000173
File000173
 
File000127
File000127File000127
File000127
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Ce hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data lossCe hv6 module 55 preventing data loss
Ce hv6 module 55 preventing data loss
 
Ce hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computersCe hv6 module 46 securing laptop computers
Ce hv6 module 46 securing laptop computers
 
2. rats (trojans) (cyber awareness series)
2. rats (trojans) (cyber awareness series)2. rats (trojans) (cyber awareness series)
2. rats (trojans) (cyber awareness series)
 
Intro to digital forensic imaging
Intro to digital forensic imagingIntro to digital forensic imaging
Intro to digital forensic imaging
 
File000118
File000118File000118
File000118
 
Ce hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devicesCe hv6 module 41 hacking usb devices
Ce hv6 module 41 hacking usb devices
 
Css- 2nd quarter.pptx
Css- 2nd quarter.pptxCss- 2nd quarter.pptx
Css- 2nd quarter.pptx
 
Device drivers by prabu m
Device drivers by prabu mDevice drivers by prabu m
Device drivers by prabu m
 
Quarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptxQuarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptx
 
Power Point Lesson 03
Power Point  Lesson 03Power Point  Lesson 03
Power Point Lesson 03
 
basicitknowledge-101119022655-phpapp02.ppt
basicitknowledge-101119022655-phpapp02.pptbasicitknowledge-101119022655-phpapp02.ppt
basicitknowledge-101119022655-phpapp02.ppt
 
Basic IT knowledge
Basic IT knowledgeBasic IT knowledge
Basic IT knowledge
 
Quarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptxQuarter 2_W2_D5_CSS.pptx
Quarter 2_W2_D5_CSS.pptx
 
Lesson 01 introduction to computer
Lesson 01   introduction to computerLesson 01   introduction to computer
Lesson 01 introduction to computer
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 

Mais de Desmond Devendran (18)

Siam key-facts
Siam key-factsSiam key-facts
Siam key-facts
 
Siam foundation-process-guides
Siam foundation-process-guidesSiam foundation-process-guides
Siam foundation-process-guides
 
Siam foundation-body-of-knowledge
Siam foundation-body-of-knowledgeSiam foundation-body-of-knowledge
Siam foundation-body-of-knowledge
 
Enterprise service-management-essentials
Enterprise service-management-essentialsEnterprise service-management-essentials
Enterprise service-management-essentials
 
Service Integration and Management
Service Integration and Management Service Integration and Management
Service Integration and Management
 
Diagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_enDiagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_en
 
CHFI 1
CHFI 1CHFI 1
CHFI 1
 
File000176
File000176File000176
File000176
 
File000172
File000172File000172
File000172
 
File000169
File000169File000169
File000169
 
File000167
File000167File000167
File000167
 
File000162
File000162File000162
File000162
 
File000161
File000161File000161
File000161
 
File000160
File000160File000160
File000160
 
File000159
File000159File000159
File000159
 
File000158
File000158File000158
File000158
 
File000156
File000156File000156
File000156
 
File000154
File000154File000154
File000154
 

Último

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
File000152

  • 1. Module XXXIX – USB Forensics
  • 2. EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
    News: Taiwan on High Alert After Military Leak. Source: http://www.iol.co.za/
  • 3. News: Boeing Worker’s Data Case Goes to Jury. Source: http://seattletimes.nwsource.com/
  • 4. Module Objective
    This module will familiarize you with:
    • Universal Serial Bus (USB)
    • USB Flash Drive
    • Misuse of USB
    • USB Forensics
    • USB Forensic Investigation
    • Forensic Tools
  • 5. Module Flow
    Universal Serial Bus (USB) → USB Flash Drive → Misuse of USB → USB Forensics → USB Forensic Investigation → Forensic Tools
  • 6. Universal Serial Bus (USB)
    USB is a serial bus standard for interfacing devices to a host computer.
    It allows many peripherals to be connected to a host computer through a single standardized socket.
    It is commonly used to connect computer peripherals such as mice, keyboards, PDAs, gamepads and joysticks, scanners, digital cameras, printers, personal media players, and flash drives.
  • 7. USB Flash Drive
    A USB flash drive is a portable, rewritable data storage device integrated with a USB interface.
    It is supported by modern operating systems such as Windows, Mac OS X, Linux, and other Unix-like systems.
    A typical USB 2.0 flash drive reads at up to about 30 MB/s and writes at about 15 MB/s. The USB 2.0 bus itself is specified at 480 Mbit/s, so the flash controller and the NAND, not the bus, are usually the limit.
    There are four main parts of a flash drive:
    • Male type-A USB connector
    • USB mass storage controller: implements the USB mass storage device class on the device side and translates the host's read and write commands into NAND operations (it is not the host controller, which lives in the computer)
    • NAND flash memory chip
    • Crystal oscillator: produces the device's main 12 MHz clock signal and controls the device's data output through a phase-locked loop
  • 8. Screenshot: USB Flash Drive
  • 9. Misuse of USB
    Data theft: critical company information can be leaked by copying it to a USB flash drive.
    Installing malicious programs: USB devices can be used to propagate and install malware such as viruses, Trojans, spyware, and rootkits, which can damage information and other computer resources.
  • 10. USB Forensics
    USB forensics is the technique of recovering and analyzing digital evidence from a USB flash drive and the affected computer in a forensically sound manner.
    It helps forensic investigators to:
    • Find the date and time of the data theft
    • Identify the person who installed the malicious program
    • Collect the data stored on the USB device
    • Collect information about the data leaked from the computer
    • Trace the criminals who committed the crime using the USB flash drive
  • 11. USB Forensic Investigation
    Secure and evaluate the scene → Document the scene → Image the computer and USB device → Acquire the data → Examine the computer → Analyze the USB → Generate reports
  • 12. Secure and Evaluate the Scene
    Ensure that only authorized persons handle the scene.
    Handle the USB evidence properly to preserve physical evidence such as fingerprints.
    Interview the owner of the USB device and ask for any security code or password needed to access its contents.
    Do not allow suspects to handle the USB device or the computer.
    Search the surrounding area and rooms, not only the room where the device was found.
  • 13. Document the Scene and Devices
    Document the state of each device and of any computer synchronized with it.
    Record the location and condition of the USB device, computers, storage media, and other digital devices.
    Refer to non-electronic evidence such as invoices, manuals, and packaging material, which may provide information about the USB device's capabilities and unlock codes.
    Document the date and time at which each item of evidence was collected.
    Photograph the crime scene, including the USB device, cables, cradles, power connectors, and the computer.
    Avoid touching the USB device while photographing it.
    Maintain a chain of custody.
  • 14. Image the Computer and USB Device
    Prepare a bit-by-bit copy of the affected computer's storage and configuration using a tool such as SafeBack.
    Create an image of the USB flash drive using USB Image Tool 1.31. Attach the drive through a write blocker (or mount it read-only) so that the acquisition itself does not alter the evidence.
    Hash both the source and the image to check the integrity of the imaged data. MD5 is the hash this module names; because MD5 collisions are practical, record a SHA-256 (or other SHA-2) hash alongside it.
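As an added worked example (not part of the EC-Council module, which does this step with SafeBack and USB Image Tool), the following Python script shows what the imaging and hashing step amounts to: a bit-for-bit copy of the source, hashed as it is read, followed by an independent re-read of the image that is compared with the acquisition record. The device paths, the chunk size, and the constructed pseudo-device in demo() are assumptions for illustration; in a real case the source would be the write-blocked drive, and the returned record would be copied into the chain-of-custody documentation.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads: efficient on block devices, bounded memory


def _new_record():
    # MD5 is the hash the module names; SHA-256 is recorded alongside it because
    # MD5 collisions are practical and a second, unbroken hash is cheap to add.
    return {"md5": hashlib.md5(), "sha256": hashlib.sha256()}


def _finish(hashes, total):
    return {"bytes": total, **{name: h.hexdigest() for name, h in hashes.items()}}


def hash_bytes(data):
    """Hash record for an in-memory buffer (same shape as the file-based records)."""
    hashes = _new_record()
    for h in hashes.values():
        h.update(data)
    return _finish(hashes, len(data))


def hash_file(path, chunk=CHUNK):
    """Independent re-read of a file or device, returning {"bytes", "md5", "sha256"}."""
    hashes, total = _new_record(), 0
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(chunk), b""):
            for h in hashes.values():
                h.update(buf)
            total += len(buf)
    return _finish(hashes, total)


def image_device(source, image, chunk=CHUNK):
    """Copy `source` to `image` bit for bit, hashing the bytes as they come off the device.

    `source` is the evidence device (e.g. /dev/sdb on Linux, \\\\.\\PhysicalDrive1 on Windows;
    both assumed paths) or, in demo() below, an ordinary file. It is opened read-only, but only
    a hardware write blocker guarantees that the OS writes nothing back (journal replay, indexing).
    """
    hashes, total = _new_record(), 0
    with open(source, "rb") as src, open(image, "wb") as dst:
        for buf in iter(lambda: src.read(chunk), b""):
            for h in hashes.values():
                h.update(buf)
            dst.write(buf)
            total += len(buf)
        dst.flush()
        os.fsync(dst.fileno())  # the image must be on disk before it is re-hashed
    return _finish(hashes, total)


def verify_image(image, acquisition_record):
    """Re-hash the image and compare it field by field with the acquisition record.

    Returns (ok, mismatches). Any mismatch means the image differs from what was read
    from the device (truncated copy, bad sector, later tampering) and is not usable as evidence.
    """
    actual = hash_file(image)
    mismatches = [k for k in ("bytes", "md5", "sha256") if actual[k] != acquisition_record[k]]
    return not mismatches, mismatches


def demo():
    """Constructed evidence: a pseudo-device file of a few MiB, not a real drive."""
    with tempfile.TemporaryDirectory() as tmp:
        device, image = os.path.join(tmp, "usb.bin"), os.path.join(tmp, "usb.dd")
        with open(device, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 12345))  # odd size: the last read is a partial chunk
        record = image_device(device, image)
        ok_before, _ = verify_image(image, record)
        with open(image, "r+b") as f:  # simulate corruption or tampering: flip one bit
            f.seek(CHUNK + 7)
            b = f.read(1)[0]
            f.seek(CHUNK + 7)
            f.write(bytes([b ^ 0x01]))
        ok_after, bad = verify_image(image, record)
        return ok_before, ok_after, bad


if __name__ == "__main__":
    print(demo())  # (True, False, ['md5', 'sha256'])
```

The acquisition hash is computed from the bytes as they leave the device, and the verification hash from a separate read of the image file, so a write error, a truncated copy or a later modification shows up as a mismatch rather than being silently hashed twice from the same buffer.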
  • 15. Acquire the Data
    Collect all the data from the USB image and from the computer's devices.
    You can use these recovery tools to recover deleted files:
    • BadCopy Pro
    • Data Doctor Recovery
  • 16. Check Open USB Ports
    Option 1: Go to Device Manager and inspect the USB controllers. (Screenshots: open port, closed port.)
    Option 2: In Registry Editor, locate and then click the following registry key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
    In the details pane, double-click Start. In the Value data box, 3 (the default, demand start) means USB mass storage is enabled; 4 means the driver is disabled, so no USB storage device can be mounted. This setting only blocks storage devices; other USB classes (keyboards, network adapters) are unaffected.
  • 17. Examine Registry of Computer: USBSTOR
    Footprints, or artifacts, are created in the registry when a USB device is connected to a Windows system.
    The Plug and Play (PnP) Manager queries the device descriptor in the device's firmware for information about the device.
    After identification, a registry key is created beneath the following key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
    Subkeys beneath this key look like:
    • Disk&Ven_###&Prod_###&Rev_###
    Each of these holds one subkey per physical device, named after the device's unique instance ID (see the next slide).
  • 18. Examine Registry of Computer: DeviceClasses
    Navigate to the following key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
    The iSerialNumber from the device descriptor is used as the device's unique instance identifier: it is the name of the subkey under the Disk&Ven_###&Prod_###&Rev_### key, and it reappears in the disk and volume class subkeys here.
    It is similar to the MAC address of a network interface card, but not every device has one; when the serial number is missing, Windows generates an instance ID whose second character is an ampersand (&), so such an ID cannot be used to identify the physical device.
    The ParentIdPrefix value, stored in the instance ID key under USBSTOR on Windows XP, can be used to correlate additional information from within the registry, in particular the MountedDevices entries.
    The time the USB device was last connected is not held in ParentIdPrefix. It is recovered from the LastWrite time of the device's subkey under the DeviceClasses disk class GUID ({53f56307-b6bf-11d0-94f2-00a0c91efb8b}), which reflects the last time the device was plugged in.
  • 19. Examine Registry of Computer: MountedDevices
    The path to MountedDevices is:
    • HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
    The MountedDevices key is the Mount Manager's database: for each drive letter (\DosDevices\E:) and volume GUID (\??\Volume{...}) it records the device that was mounted there, whatever file system the volume carries.
    Use the ParentIdPrefix value found within the unique instance ID key to map the entry from USBSTOR to MountedDevices. On Windows XP the removable-media entries read \??\STORAGE#RemovableMedia#<ParentIdPrefix>&RM#{GUID}; on Windows Vista and later they read _??_USBSTOR#Disk&Ven_...&Rev_...#<instance ID>#{GUID}, so the instance ID (serial number) can be matched directly.
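The four registry checks above (slides 16 to 19) can be exercised offline against a regedit .reg export of the SYSTEM hive. The Python script below is an added example, not part of the module or of any tool it names: it parses the export, reads the UsbStor Start value, lists the USBSTOR instance IDs (flagging Windows-generated IDs, which mean the device reported no serial number), decodes the UTF-16LE strings in MountedDevices, and correlates each device to its drive letters by ParentIdPrefix (Windows XP format) or by instance ID (Windows Vista and later format). The SAMPLE_REG export, its vendor names, serial numbers and ParentIdPrefix values are constructed for the demo. A .reg export carries no key timestamps, so the last-connected time (the DeviceClasses LastWrite time) must be taken from the hive file itself with a hive parser such as RegRipper.

```python
import re

USBSTOR_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR"
USBSTOR_SVC = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UsbStor"
MOUNTED_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\MountedDevices"
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data


def _unescape(s):  # .reg escaping: \\ -> \ and \" -> "
    return re.sub(r"\\(.)", r"\1", s)


def _parse_data(data):
    """Return (kind, value) for the .reg data forms used here: "sz", dword:, hex: / hex(N):."""
    if data.startswith('"') and data.endswith('"'):
        return "sz", _unescape(data[1:-1])
    if data.startswith("dword:"):
        return "dword", int(data[6:], 16)
    m = re.match(r"hex(?:\(\d+\))?:(.*)$", data)
    if m:
        return "hex", bytes(int(b, 16) for b in m.group(1).split(",") if b)
    return "raw", data


def parse_reg_export(text):
    """Parse a regedit .reg export into {key_path: {value_name: (kind, value)}}."""
    lines, buf = [], ""  # long hex data is wrapped with a trailing '\'; rejoin those lines
    for raw in text.splitlines():
        buf += raw.strip() if buf else raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        lines.append(buf)
        buf = ""
    keys, current = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and (m := _VALUE_RE.match(line)):
            keys[current][_unescape(m.group(1))] = _parse_data(m.group(2))
    return keys


def usbstor_enabled(keys):
    """Slide 16: Services\\UsbStor\\Start = 3 is the default (demand start); 4 means disabled."""
    start = keys.get(USBSTOR_SVC, {}).get("Start")
    return start is not None and start[1] != 4


def usbstor_devices(keys):
    """Slides 17 and 18: one record per instance-ID subkey under Enum\\USBSTOR\\Disk&Ven_..."""
    devices = []
    for path, values in keys.items():
        parts = path[len(USBSTOR_KEY) + 1:].split("\\") if path.startswith(USBSTOR_KEY + "\\") else []
        m = re.fullmatch(r"Disk&Ven_(.*?)&Prod_(.*?)&Rev_(.*)", parts[0]) if len(parts) == 2 else None
        if not m:
            continue
        instance = parts[1]
        has_serial = len(instance) > 1 and instance[1] != "&"  # '&' in 2nd position = Windows-generated ID
        devices.append({
            "vendor": m.group(1), "product": m.group(2), "revision": m.group(3),
            "instance": instance, "serial": instance.split("&")[0] if has_serial else None,
            "friendly_name": values.get("FriendlyName", (None, None))[1],
            "parent_id_prefix": values.get("ParentIdPrefix", (None, None))[1],
            "mounts": []})
    return sorted(devices, key=lambda d: d["instance"])


def mounted_devices(keys):
    """Slide 19: decode the UTF-16LE device paths; fixed disks store a 12-byte signature instead."""
    mounts = {}
    for name, (kind, data) in keys.get(MOUNTED_KEY, {}).items():
        try:
            target = data.decode("utf-16-le") if kind == "hex" else ""
        except UnicodeDecodeError:
            continue
        if target.startswith("\\??\\") or target.startswith("_??_"):
            mounts[name] = target
    return mounts


def correlate(devices, mounts):
    """Map USBSTOR devices to drive letters/volume GUIDs by ParentIdPrefix (XP) or instance ID (Vista+)."""
    for dev in devices:
        for name, target in mounts.items():
            by_prefix = bool(dev["parent_id_prefix"]) and f"#{dev['parent_id_prefix']}&RM#" in target
            if by_prefix or f"#{dev['instance']}#" in target:
                dev["mounts"].append(name)
    return devices


def analyze(reg_text):
    keys = parse_reg_export(reg_text)
    return {"usbstor_enabled": usbstor_enabled(keys),
            "devices": correlate(usbstor_devices(keys), mounted_devices(keys))}


def _reg_hex(s):  # encode a string the way regedit exports REG_BINARY data
    return "hex:" + ",".join(f"{b:02x}" for b in s.encode("utf-16-le"))


# Constructed sample export (not from a real system): XP-style and Vista+-style MountedDevices entries side by side.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + USBSTOR_SVC + "]", '"Start"=dword:00000003', "",
    "[" + USBSTOR_KEY + "\\Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\\0019E06B3C1A8B90A0000C12&0]",
    '"FriendlyName"="Kingston DataTraveler 2.0 USB Device"', '"ParentIdPrefix"="7&1f2e3d4c&0"', "",
    "[" + USBSTOR_KEY + "\\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26\\4C530001230512101234&0]",
    '"FriendlyName"="SanDisk Cruzer Blade USB Device"', "",
    "[" + USBSTOR_KEY + "\\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\\6&2d4a9c1f&0&_&0]", "",
    "[" + MOUNTED_KEY + "]",
    '"\\\\DosDevices\\\\C:"=hex:a1,b2,c3,d4,00,7e,00,00,00,00,00,00',
    '"\\\\DosDevices\\\\E:"=' + _reg_hex("\\??\\STORAGE#RemovableMedia#7&1f2e3d4c&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"),
    '"\\\\DosDevices\\\\F:"=' + _reg_hex("_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26#4C530001230512101234&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"),
])

if __name__ == "__main__":
    for dev in analyze(SAMPLE_REG)["devices"]:
        print(dev["vendor"], dev["product"], dev["serial"], dev["mounts"])
```

On a live machine `reg export HKLM\SYSTEM system.reg` produces the input; for an examination, export from the SYSTEM hive recovered from the disk image instead, so the live registry of the evidence machine is never touched. The Generic device in the sample shows the case that needs care in a report: its instance ID was generated by Windows, so it proves that some device of that make was connected but cannot identify which physical stick.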
  • 20. Generate Reports
    • Name of the investigator
    • List of evidence gathered
    • Documentation of the evidence and other supporting items
    • List of tools used in the investigation
    • Devices and setup used in the examination
    • Brief description of the examination steps
    • Details of the findings: information about the USB data; computer-related evidence; data and image analysis
    • Conclusion of the investigation
  • 21. USB Forensic Tools: BadCopy Pro (http://www.jufsoft.com/)
    BadCopy Pro recovers deleted files, formatted drives, and data lost through damage, media errors, and bad sectors on the USB flash drive.
    It performs read-only operations on the USB flash drive and saves the recovered files elsewhere, so recovery does not alter the source media.
  • 22. Data Doctor Recovery (http://www.datadoctor.in/)
    Data Doctor Recovery supports the major USB device manufacturers, including Super Flash, Kingston, Samsung, Transcend, Sony, and other recent series.
    The software is simple to use and provides a user-friendly interface.
    Features:
    • Recovers lost files, including jpg, jpeg, gif, bmp, mpeg, and other stored records
    • Supports USB drives including pen drives, Zip drives, SD cards, PC cards, flash memory, etc.
    • Scans and copies data to a safe location according to the original file structure
    • Recovers data damaged by virus attacks
  • 23. Data Doctor Recovery: Screenshot
  • 24. USB Image Tool (http://www.alexpage.de/)
    USB Image Tool is freeware that creates images of USB memory sticks.
    Features of USB Image Tool:
    • Creates image files of USB drives
    • Restores images to USB drives
    • Compressed image file format
    • Shows USB device information
    • Manages favorite USB images
  • 25. USB Image Tool: Screenshot
  • 26. USBDeview (http://www.nirsoft.net/)
    USBDeview is a small utility that lists all USB devices currently connected to your PC or connected to it in the past.
    Along with each device's name and description, it displays the serial number, the dates the device was added and last connected, the VendorID, and other information.
    It can also gather the USB device list from a remote computer via the command line.
  • 27. USBDeview: Screenshot
  • 28. Summary
    USB is a serial bus standard for interfacing devices to a host computer.
    A USB flash drive is a portable, rewritable data storage device integrated with a USB interface.
    USB forensics is the technique of recovering and analyzing digital evidence from a USB flash drive and the affected computer under forensically sound conditions.
    Footprints, or artifacts, are created in the registry when a USB device is connected to a Windows system.
    USB CopyNotify is a software utility that notifies you when a USB stick is being used on any of the PCs on the network.