Monday, March 1, 2010

Mapping USB devices via LNK files

http://windowsir.blogspot.com/2007/04/from-lab-mapping-usb-devices-via-lnk.html

Monday, April 09, 2007
From the Lab: Mapping USB devices via LNK files
My first "From the Lab" post will be to address something I see regularly in forums: how does one tie a specific USB-connected device to a Windows system using shortcut (LNK) files, given nothing more than an acquired image to work with? We know that we can extract information about USB devices that have been connected to a system using nothing more than the raw System Registry file...we can get the devices, any drive letters they were mapped to, as well as the date that they were last connected to the system. However, oftentimes we'll have some shortcut files in an image that will point to specific files...images, documents, etc...that we may be interested in, and the drive letter will be F:\ or G:\, or something else that is not part of the system (either as physical or logical drive) that we acquired the image from. So the question is, how do we map the shortcut file to the specific device?

Saturday, February 27, 2010

Linux Kernel Cross Reference

FreeBSD/Linux Kernel Cross Reference
sys/dev/pci/pcidevs

http://fxr.watson.org/fxr/source/dev/pci/pcidevs?v=NETBSD20

----------------------------------------------------------

Friday, February 26, 2010

USB ID resources

List of USB ID's
Maintained by Stephen J. Gowdy

http://www.linux-usb.org/usb.ids

-------------------------------------

Detailed USB Vid/Pid info
also, Driver and Controller info
Linux-USB device overview

-------------------------------------

Phoenix Technologies
The USB ID Database
http://listing.driveragent.com/b2/usb/

-------------------------------------

USB in a NutShell

Making sense of the USB standard
http://www.beyondlogic.org/usbnutshell/

-------------------------------------

Tracing USB Device artefacts on Windows XP operating system for forensic purpose

Victor Chileshe Luo
School of Computing and Information Science
Edith Cowan University
- PDF
http://scissec.scis.ecu.edu.au/conference_proceedings/2007/forensics/23_Luo_Tracing_USB_Device_artefacts_on_Windows_XP.pdf

Thursday, February 18, 2010

Digital Forensic Tools


CacheBack 2
Internet Cache and History Analysis - Free

-----------------------------------

MANDIANT Web Historian
Helps users review the list of websites (URLs) that are stored in the history files of the most commonly used browsers, including: Microsoft’s Internet Explorer, Mozilla, Firefox, Netscape, Opera and Safari. - Free
-----------------------------------

ProDiscover security tools
Technology Pathways - computer security tools and services - Pay

-----------------------------------

Digital Detective - Forensic Software
NetAnalysis - Pay
Dcode - Free
-----------------------------------

Event Log Explorer
Event Log Explorer provides a powerful event search and filtering engine.
- Free for personal use
-----------------------------------

NetAnalysis Forensic Edition
NetAnalysis Forensic Edition - Eval and Pay
-----------------------------------