Course Curriculum
-
01
USB FORENSICS INTRODUCTION
-
Introduction to USB Forensics
-
How USBS Work
-
-
02
USB REGISTRY ARTIFACTS
-
USB Registry Artifacts
-
USB Basic Information
-
Mounted Devices
-
MountPoints
-
Volume Serial Number
-
USB Timestamps
-
Check Your Knowledge
-
RegRipper USB Plugin
-
Use Case: USB Artifacts in Windows Registry
-
-
03
USB ARTIFACTS IN SHELLBAGS
-
Introduction to USB Artifacts in Shellbags
-
Use Case: USB Artifacts in Windows Shellbags
-
-
04
USB WINDOWS EVENT VIEWER ARTIFACTS
-
USB Windows Event Viewer Artifacts
-
Using Windows Event Viewer
-
Extracting Logs from a Disk Image
-
-
05
USB ARTIFACTS IN THE SETUPAPI.DEV.LOG FILE
-
USB Artifacts in the Setupapi.dev.log File
-
Parsing the Setupapi Log
-
-
06
OTHER USB ANALYSIS TOOLS
-
Other USB Analysis Tools
-
Installing & Using USB Detective
-
NirSoft USBDeview
-
-
07
USB ARTIFACTS CHEAT SHEET & SUMMARY
-
USB Artifacts Cheat Sheet
-
Summary
-
-
08
QUIZZES & LAB
-
Check Your Knowledge
-
USB Forensics Lab
-
USB Forensics Lab Solution
-
6 CPE Credits
After completing this course, you will earn:
Learning Outcomes
After completing this course, you will learn the following.
-
The ability to analyze and describe USB artifacts such as device ID, first connection date, last connection date, drive letter, number of times the device was inserted, and more.
-
The ability to utilize software to aid USB investigations.
-
Understanding of Windows Event Logs
-
Understanding of the Setupapi file.
Technical Requirements
For the hands-on labs in this course
-
Windows machine (recommended Windows 10)
-
Internet connection
-
The ability to extract the HKLM/SYSTEM and HKLM/SOFTWARE registry hives
-
Registry Explorer
What is next at Cyber 5W?
Add your email to the mailing list to get the latest updates