Tracing USB device artefacts on windows XP operating system for forensic purpose
School of Computer and Information Science, Edith Cowan University
Faculty of Computing, Health and Science
School of Computing, Health and Science
On Windows systems several identifiers are created when a USB device is plugged into a universal serial bus. Some of these artefacts or identifiers are unique to the device and consistent across different Windows platforms as well as other operating systems such as Linux. Another key factor that makes these identifiers forensically important is the fact that they are traceable even after the system has been shut down. Hence they can be used in forensic investigations to identify specific devices that have been connected to the system in question.