Course Curriculum

  • 01

    USB FORENSICS INTRODUCTION

    • Introduction to USB Forensics

    • How USBS Work

  • 02

    USB REGISTRY ARTIFACTS

    • USB Registry Artifacts

    • USB Basic Information

    • Mounted Devices

    • MountPoints

    • Volume Serial Number

    • USB Timestamps

    • Check Your Knowledge

    • RegRipper USB Plugin

    • Use Case: USB Artifacts in Windows Registry

  • 03

    USB ARTIFACTS IN SHELLBAGS

    • Introduction to USB Artifacts in Shellbags

    • Use Case: USB Artifacts in Windows Shellbags

  • 04

    USB WINDOWS EVENT VIEWER ARTIFACTS

    • USB Windows Event Viewer Artifacts

    • Using Windows Event Viewer

    • Extracting Logs from a Disk Image

  • 05

    USB ARTIFACTS IN THE SETUPAPI.DEV.LOG FILE

    • USB Artifacts in the Setupapi.dev.log File

    • Parsing the Setupapi Log

  • 06

    OTHER USB ANALYSIS TOOLS

    • Other USB Analysis Tools

    • Installing & Using USB Detective

    • NirSoft USBDeview

  • 07

    USB ARTIFACTS CHEAT SHEET & SUMMARY

    • USB Artifacts Cheat Sheet

    • Summary

  • 08

    QUIZZES & LAB

    • Check Your Knowledge

    • USB Forensics Hands-On

    • USB Forensics Hands-On Solution

Learning Outcomes

After completing this course, you will learn the following.

  • The ability to analyze and describe USB artifacts such as device ID, first connection date, last connection date, drive letter, number of times the device was inserted, and more.

  • The ability to utilize software to aid USB investigations.

  • Understanding of Windows Event Logs

  • Understanding of the Setupapi file.

Technical Requirements

For the hands-on labs in this course

  • Windows machine (recommended Windows 10)

  • Internet connection

  • The ability to extract the HKLM/SYSTEM and HKLM/SOFTWARE registry hives

  • Registry Explorer

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates