Resolving Attached USBs on Windows Systems

Or log in to access your purchased courses

Discover USB devices attached to Windows systems.

Have you ever been asked to find out what the “F” drive is? Have you ever needed to prove a USB drive was attached to a target system? Collecting and presenting this information is a core skill all computer forensic analysts need know. If you have ever struggled with this then this class is for you. This course breaks down the process of collecting and interpreting the data necessary to make the connection between USB device and Windows systems.

Using all freely available tools, this course walks you through the process of identifying USB devices that have been attached to a system and shows you how to determine the times they were attached, what the volume names are, what the assigned drive letters were and which user mounted the USB volumes – all of this in about an hour.

Course Goals

  • Learn to find information about attached USB devices on Windows 7 & Windows 8 systems
  • Learn how to tie a specific User account to USB activity
  • Learn to identify when USB devices were first and last attached to the system
  • Learn how to discover the volume name and assigned drive letter of attached USB devices
  • Learn how to extract data that will identify the make and model of attached USB devices
  • Learn to do all of this using freely available computer forensic tools



Resolving USBs - Overview of the Analysis Process


Resolving USBs - Practical Exercises