In my previously article "EnCase missed some USB activities in the evidence files", I mentioned about that EnCase could  only "see" few USB records. Actually not only EnCase may not see all USB records, some other forensic tools got the same problems.

What else could help us to find the missing USB Records? Take Windows 10 for example, we could take a look at the event log file named "Microsoft-Windows-Kernel-PnP%4Configuration.evtx" as below. You could know the brand, model and serial number and the timestamp etc.

Actually there is more than one USB device that suspect used as below. It's Seagate BUP_BK, but what's wrong with the serial number? All the digit is zero? That's not gonna happen,right?

Don't worry~ Just take a look at the following record and you will see its actual serial number.

How to find missing USB Records?的更多相关文章

  1. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  2. Basic Concepts of Block Media Recovery

    Basic Concepts of Block Media Recovery Whenever block corruption has been automatically detected, yo ...

  3. Learning notes | Data Analysis: 1.1 data evaluation

    | Data Evaluation | - Use Shift + Enter or Shift + Return to run the upper box so as to make it disp ...

  4. Learning notes | Data Analysis: 1.2 data wrangling

    | Data Wrangling | # Sort all the data into one file files = ['BeijingPM20100101_20151231.csv','Chen ...

  5. Needle in a haystack: efficient storage of billions of photos 【转】

    转自09年的blog,因为facebook在国内无法访问,故此摘录. The Photos application is one of Facebook’s most popular features ...

  6. [译] iOS 11.4.1 Beta:全新的USB限制模式

    (Source/原文链接 https://blog.elcomsoft.com/2018/06/ios-11-4-1-beta-usb-restricted-mode-has-arrived/) 作者 ...

  7. linux设备驱动之USB主机控制器驱动分析 【转】

    转自:http://blog.chinaunix.net/uid-20543183-id-1930831.html   ---------------------------------------- ...

  8. usb驱动开发18之设备生命线

    现在已经使用GET_DESCRIPTOR请求取到了包含一个配置里所有相关描述符内容的一堆数据,这些数据是raw的,即原始的,所有数据不管是配置描述符.接口描述符还是端点描述符都挤在一起,所以得想办法将 ...

  9. usb驱动开发17之设备生命线

    拜会完了山头的几位大哥,还记得我们从哪里来要到哪里去吗?时刻不能忘记自身的使命啊.我们是从usb_submit_urb()最后的那个遗留问题usb_hcd_submit_urb()函数一路走来,现在就 ...

随机推荐

  1. Java 包装类Integer的值比较

    对于包装类型Integer的值比较与int的值比较是不同的:   public class Java_Val_Compare { public static void main(String[] ar ...

  2. python3.5 + PyQt5 +Eric6 实现的一个计算器

    目前可以实现简单的计算.计算前请重置,设计的时候默认数字是0,学了半天就做出来个这么个结果,bug不少. python3.5 + PyQt5 +Eric6 在windows7 32位系统可以完美运行 ...

  3. 关于理解python类的小题

    今天看了python部落翻译的一篇<一道python类的小题>文章,感觉挺有启发性,记录下来: print('A') class Person(object): print('B') de ...

  4. 关于java 定时任务

    几种任务调度的 Java 实现方法与比较 综观目前的 Web 应用,多数应用都具备任务调度的功能.本文由浅入深介绍了几种任务调度的 Java 实现方法,包括 Timer,Scheduler, Quar ...

  5. (python)leetcode刷题笔记03 Longest Substring Without Repeating Characters

    3. Longest Substring Without Repeating Characters Given a string, find the length of the longest sub ...

  6. vexx 邀请码 送3个比特龙

    错过了比特币的行情,注册获取3个原始比特币分叉币,比特龙. 目前10元一个,送3个币.类似于股票IPO,第一天一般会冲高十几倍,建议第一天就卖. 如果看好就继续持有吧. 放心是送的不用钱的. 注册网址 ...

  7. numpy库常用基本操作

    NumPy数组的维数称为秩(rank),一维数组的秩为1,二维数组的秩为2,以此类推.在NumPy中,每一个线性的数组称为是一个轴(axes),秩其实是描述轴的数量.比如说,二维数组相当于是一个一维数 ...

  8. Java的注释和Javadoc在eclipse生成的方法 – Break易站

    本文内容来自:Java的注释和Javadoc在eclipse生成的方法 – Break易站 1.  Java的注释 Java里有两种注释风格.下面这个写法是非常常见的 1 2 3 4 /*This i ...

  9. 第三章:Python基础の函数和文件操作实战

    本課主題 Set 集合和操作实战 函数介紹和操作实战 参数的深入介绍和操作实战 format 函数操作实战 lambda 表达式介绍 文件操作函数介紹和操作实战 本周作业 Set 集合和操作实战 Se ...

  10. Android开发——使用高级的RecyclerView实现侧滑菜单删除功能(SwipeRecyclerView)

    使用之前,先简单介绍一下这个SwipeRecyclerView,这是严大(严振杰)基于RecyclerView的进行修改和封装的高级RecyclerView,其可以实现像QQ聊天界面的侧滑删除菜单,和 ...