USB FORENSICS

Dear eForensics readers!

I’m very excited sharing our team’s progress and direction with you. We are adding more topics of the day to the discovery of digital forensic science and test new technics, strengthened by continuous investigations and suggestions from our authors. We have already discussed computer and network forensics, databases and e-discovery, mobile forensics and malware analysis.

This time we are covering something brand new – USB drive forensics and security.

Our new expert – Philip Polstra – wrote a whole series on this subject which consists of 6 excellent articles. This interesting series also cater for those who have no USB forensics experience. He starts from a very basic level, extends to usable techniques and finishes with an open source tool comparison. I hope everyone will learn something new in this series.

 

WHAT YOU WILL FIND INSIDE:

​​ HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES. PART 1: USB BASICS

by Phil Polstra

USB mass storage devices have become the standard for backup and transfer of files.  The popularization of this media has led to challenges for forensic specialists used to traditional magnetic media.  This first article in a multi-part series will provide a necessary overview of how USB devices work at a low level. 

​​ ​HOW TO FORENSIC USB DEVICES

by Carlos Castro

In this article there is a description of difficulties added to computer forensic by the diversity of devices that were included at investigation scope after the creation and popularization of USB interface. The principal focus will be the investigation at Windows environment, describing some characteristics of this operational system, how it deals with USB devices and the attention points for the forensic image acquisition.

​​ ​HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES. PART 2: UNDERSTANDING USB MASS STORAGE DEVICES

by Phil Polstra

USB mass storage devices have become the standard for backup and transfer of files.  The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media.  This article in a multi-part series will provide readers with a basic understanding of how USB mass storage devices work at a low level.

​​ ​HOW TO PREVENT YOUR CORPORATE ENVIRONMENT FROM BEING INTRUDED BY INFECTED USB DEVICES

by Wimpie Britz

In today’s ever evolving computer landscape; employees are constantly bombarded by new technologies aimed at speeding up and improving the way that they conduct business. USB Devices are no exception to the rule, but can the corporate environment afford the risks associated with USB Devices.

​​ ​HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES. PART 3: DUPLICATING USB MASS STORAGE DEVICES

by Phil Polstra

USB mass storage devices have become the standard for backup and transfer of files.  The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media.  This article in a multi-part series will demonstrate how to construct cheap and compact USB mass storage device forensic duplicators.

​​ ​HOW TO DETECT A FILE WRITTEN TO AN USB EXTERNAL DEVICE IN WINDOWS FROM THE MRU LISTS

by Carlos Dias da Silva

Today one of the principal company asset is the digital information. The digital information can be used of a lot of methods and also can be copied using different modes. To know and to control what files were sent to out of the company is a problem nowadays and never is a little the investment to guarantee the data secure.

​​ ​HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES. PART 4: BLOCK WRITES TO USB MASS STORAGE DEVICES

by Phil Polstra

USB mass storage devices have become the standard for backup and transfer of files.  The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media.  This article in a multi-part series will demonstrate how to construct a cheap and compact write blocker for USB mass storage devices.

​​ ​USING SYNCBEE TO SYNCHRONIZE YOUR COMPUTER WITH A PORTABLE HARD DRIVE

by CHEN, JUN-CHENG (Jerry)

To avoid computer crashes and data loss, people jump on the “online backup” bandwagon to store their data to the Cloud in this data-booming era. Online backup is a good method for saving data. However, we need to be aware of problems when our data is stored in a risky remote space environment. Also note that Internet bandwidth can drastically slow down our backup time and work efficiency. 

​​ ​HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES. PART 5: IMPERSONATING USB DEVICES

by Phil Polstra

USB mass storage devices have become the standard for backup and transfer of files.  The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media.  In this firth part of a multi-part series a simple and inexpensive device for bypassing some endpoint security software by allowing any USB mass storage device to present itself as an authorized (whitelisted) device is presented. 

​​ ​HOW TO PERFORM FORENSICS ON USB MASS STORAGE DEVICES. PART 6: LEVERAGING OPEN SOURCE

by Phil Polstra

USB mass storage devices have become the standard for backup and transfer of files.  The popularization of this media has led to challenges for forensic specialists trying to find data on fixed memory storage media instead of traditional magnetic media.  In this sixth article of a multi-part series we will examine how to leverage open source software in order to perform forensics on USB devices.