Course Curriculum

    1. Introduction to USB Forensics

    2. How USBS Work

    1. USB Registry Artifacts

    2. USB Basic Information

    3. Mounted Devices

    4. MountPoints

    5. Volume Serial Number

    6. USB Timestamps

    7. Check Your Knowledge

    8. RegRipper USB Plugin

    9. Use Case: USB Artifacts in Windows Registry

    1. Introduction to USB Artifacts in Shellbags

    2. Use Case: USB Artifacts in Windows Shellbags

    1. USB Windows Event Viewer Artifacts

    2. Using Windows Event Viewer

    3. Extracting Logs from a Disk Image

    1. USB Artifacts in the Setupapi.dev.log File

    2. Parsing the Setupapi Log

    1. Other USB Analysis Tools

    2. Installing & Using USB Detective

    3. NirSoft USBDeview

About this course

  • $50.00
  • 26 lessons
  • 0 hours of video content

6 CPE Credits

After completing this course, you will earn:

Learning Outcomes

After completing this course, you will learn the following.

  • The ability to analyze and describe USB artifacts such as device ID, first connection date, last connection date, drive letter, number of times the device was inserted, and more.

  • The ability to utilize software to aid USB investigations.

  • Understanding of Windows Event Logs

  • Understanding of the Setupapi file.

Technical Requirements

For the hands-on labs in this course

  • Windows machine (recommended Windows 10)

  • Internet connection

  • The ability to extract the HKLM/SYSTEM and HKLM/SOFTWARE registry hives

  • Registry Explorer

What is next at Cyber 5W?

Add your email to the mailing list to get the latest updates

Thank You