Tracing USB device artefacts on windows XP operating system for forensic purpose
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University
Faculty
Faculty of Computing, Health and Science
School
School of Computing, Health and Science
RAS ID
4043
Abstract
On Windows systems several identifiers are created when a USB device is plugged into a universal serial bus. Some of these artefacts or identifiers are unique to the device and consistent across different Windows platforms as well as other operating systems such as Linux. Another key factor that makes these identifiers forensically important is the fact that they are traceable even after the system has been shut down. Hence they can be used in forensic investigations to identify specific devices that have been connected to the system in question.
DOI
10.4225/75/57b10f81c704d
Access Rights
free_to_read
Comments
Luo, V. C. (2007, March). Tracing USB Device artefacts on Windows XP operating system for forensic purpose. In Australian Digital Forensics Conference (p. 23). Available here