How to find missing USB Records?
2017-10-25 15:55
411 查看
In my previously article "EnCase missed some USB activities in the evidence files", I mentioned about that EnCase could only "see" few USB records. Actually not only EnCase may not see all USB records, some other forensic tools got the same problems.
What else could help us to find the missing USB Records? Take Windows 10 for example, we could take a look at the event log file named "Microsoft-Windows-Kernel-PnP%4Configuration.evtx" as below. You could know the brand, model and serial number and the timestamp etc.
Actually there is more than one USB device that suspect used as below. It's Seagate BUP_BK, but what's wrong with the serial number? All the digit is zero? That's not gonna happen,right?
Don't worry~ Just take a look at the following record and you will see its actual serial number.
What else could help us to find the missing USB Records? Take Windows 10 for example, we could take a look at the event log file named "Microsoft-Windows-Kernel-PnP%4Configuration.evtx" as below. You could know the brand, model and serial number and the timestamp etc.
Actually there is more than one USB device that suspect used as below. It's Seagate BUP_BK, but what's wrong with the serial number? All the digit is zero? That's not gonna happen,right?
Don't worry~ Just take a look at the following record and you will see its actual serial number.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 如何找出相邻3条记录都满足同一条件(How to find out 3 continuous records all reach the same condition)
- How-To Find the Source of "Unaligned Access"
- How to analyze missing translations / missing texts
- How to find exchange server users
- How to find your web part
- How to stop looking for someone perfect and find someone to love
- Openvms-C-Sourcecode- How to Find which Processes are using a specific pagefile or swapfile
- how to find sharepoint app pool in win server2008?
- Troubleshooting High I/O Wait in Linux --- A walkthrough on how to find processes that are causing h
- failed to find target android-7 Please install the missing platform
- How-to create a Windows 10 usb installation media in Linux
- How to mount ntfs external USB drive to CentOS 5,CentOS挂载移动硬盘
- How to find out which process is listening upon a port
- How to find TOP 3 in each group?
- How to resolve such problem :unpack failed: error Missing tree
- [MVC] 获取请求时缺少"+"的处理办法 How to fix the bug that missing plus in Request.QueryString/Form
- How to Use Docker on OS X: The Missing Guide (杂译)
- find: missing argument to `-exec’ 或 find: 遗漏“-exec”的参数
- NFL Playoffs 2011: How to Find the Perfect NFL Cheerleader
- How To Create USB Dos Boot Disk