Learn to link USB activity to Windows systems with this forensic guide. Discover how to identify attached devices and analyze their usage efficiently.
This course is a hands-on guide for forensic analysts to track USB activity on Windows computers. You'll learn to identify, time, and attribute USB devices using free tools, making your skills super sharp and ready for real-world applications.
A forensic guide for linking USB activity to Windows computer systems
Have you ever been asked to find out what the "F" drive is? Have you ever needed to prove a USB drive was attached to a target system? Collecting and presenting this information is a core skill all computer forensic analysts need know. If you have ever struggled with this then this class is for you. This course breaks down the process of collecting and interpreting the data necessary to make the connection between USB device and Windows systems.
Using all freely available tools, this course walks you through the process of identifying USB devices that have been attached to a system and shows you how to determine the times they were attached, what the volume names are, what the assigned drive letters were and which user mounted the USB volumes - all of this in about an hour.
Learn to find information about attached USB devices on Windows 7 & Windows 8 systems
Learn how to tie a specific User account to USB activity
Learn to identify when USB devices were first and last attached to the system
11 Lectures
3 Lectures
15 Lectures
1 Lectures
Over 20 years of experience in Digital Forensics and Security Incident Response. Investigations span corporate (Fortune 500) incident response, technical litigation support for civil and criminal cases, and e-discovery. Author and developer of computer forensic training and analysis tools. Specialties include Windows forensics, Linux forensics, Mac forensics, & mobile device forensics. Certifications include: C|EH, CFCE, CISSP, EnCE, CCE
Great course, simple and very practical!
Great match for my professional carreer.
Great
Good
N.A
g
Easy to comprehend
Useful
There is a lot of good information in this course. However, question 4 of Quiz 1 is incorrect. Volume name is not located at SOFTWARE\Microsoft\Windows\Windows Portable Devices\Devices. It is located at SOFTWARE\Microsoft\Windows Portable Devices\Devices
Your email address will not be published. Required fields are marked *
Kebalepile D.
It is a good a good course since the world is going digital, so i am learning a lot from this course.