USB Historian – Parse USB Connection History


USB Historian is a tool that parses and reports USB connection history. Microsoft Windows operating systems record artifacts when USB removable storage devices (thumb drives, iPods, digital cameras, external HDDs, etc.) are connected. These artifacts can be found in Plug and Play (PnP) log files as well as the Windows Registry.

For a forensic investigator dealing with the theft or movement of data, or with access to it, these artifacts can play a critical role in an investigation.

Features:

  • Contains a cached copy of the USB IDs list from http://www.linux-usb.org/usb.ids. If available, VID/PID values are looked up to provide additional device information.
  • Parses the Computer Name to help locate USB devices used across multiple computers.
  • Displays over 20 attributes
  • Wizard driven analysis
  • Parses SetupAPI Logs (and backup logs)
  • Able to parse multiple NTUSER.DAT files at a time
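
The SetupAPI parsing and VID/PID lookup listed above can be sketched as follows. This is an added example, not USB Historian's own code: the log lines and the usb.ids excerpt are constructed samples, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed excerpt in usb.ids layout: vendor at column 0, device after one tab.
USB_IDS_SAMPLE = "# constructed sample\n0781  SanDisk Corp.\n\t5567  Cruzer Blade\n"

# Constructed setupapi.dev.log lines (Windows Vista and later layout).
SETUPAPI_SAMPLE = r"""
>>>  [Device Install (Hardware initiated) - USB\VID_0781&PID_5567\4C530001234567890123]
>>>  Section start 2015/03/12 09:14:22.513
>>>  [Device Install (Hardware initiated) - USB\VID_ABCD&PID_0001\6&1a2b3c4d&0&2]
>>>  Section start 2015/03/14 17:40:05.002
"""

HEADER = re.compile(r"^>>>\s+\[Device Install \(.*?\) - "
                    r"USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\([^\]]+)\]", re.I)
START = re.compile(r"^>>>\s+Section start (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)")

def load_usb_ids(text):
    """Return {vid: name} and {(vid, pid): name} from usb.ids-format text."""
    vendors, devices, vid = {}, {}, None
    for line in text.splitlines():
        m = re.match(r"^(\t?)([0-9a-f]{4})\s+(.+)$", line)
        if m and m.group(1) and vid:        # device line under the current vendor
            devices[(vid, m.group(2))] = m.group(3)
        elif m and not m.group(1):          # vendor line
            vid = m.group(2)
            vendors[vid] = m.group(3)
    return vendors, devices

def first_installs(log_text, vendors, devices):
    """Pair each USB install header with its 'Section start' time (machine local time)."""
    events, pending = [], None
    for line in log_text.splitlines():
        h, s = HEADER.match(line), START.match(line)
        if h:
            vid, pid, inst = h.group(1).lower(), h.group(2).lower(), h.group(3)
            pending = {"vid": vid, "pid": pid, "instance": inst,
                       # '&' as second character: Windows-generated ID, not a device serial
                       "has_serial": inst[1:2] != "&",
                       "vendor": vendors.get(vid, "unknown"),
                       "product": devices.get((vid, pid), "unknown")}
        elif s and pending:
            pending["installed"] = datetime.strptime(s.group(1), "%Y/%m/%d %H:%M:%S")
            events.append(pending)
            pending = None
        elif line.startswith(">>>") and "[" in line:  # header for a non-USB device
            pending = None
    return events
```

A device with no usb.ids entry is reported as "unknown" rather than dropped, so an unlisted vendor still appears in the timeline.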

You can read more and download USB Historian over here: http://www.4discovery.com/our-tools/
