SANS Digital Forensics and Incident Response Blog: Tag - USB Key

USB Key Analysis vs. USB Drive Enclosure Analysis

Computer Forensic Guide To Profiling USB Drive Enclosures on Win7, Vista, and XP

There has been much talk about USB Device Forensic Analysis. Many assume that analyzing a USB Key will be the same as analyzing a USB Drive Enclosure (e.g. USB Key Analysis = USB Drive Enclosure analysis). This is inaccurate.

USB Drive Enclosure


External

USB Key/Thumbdrive



Computer Forensic Guide To Profiling USB Device Thumbdrives on Win7, Vista, and XP

Several times over the past year it has come up in a discussion about the key differences between examining USB Key/Thumbdrives on XP, VISTA, and Windows 7. We did an initial post several weeks ago, but found some new information and have updated our guides as a result. Thanks to SANS Digital Forensic Instructor Colin Cree for the wonderful feedback.

As a part of the SEC408: Computer Forensic Essentials course, we have an extensive section on residue left by USB Devices. I am providing a single guides to help you answer the key USB Key/Thumbdrive questions for your case covering XP, VISTA, and Win7.