
Peripheral devices forensic analysis

New Member


I would like to ask how I could do a forensic analysis of peripheral devices. If malware can get persistence by infecting a monitor, keyboard or mouse, how could I analyse this?



Topic starter Posted : 23/02/2021 9:08 am
New Member

Analysis of logs from peripheral devices could throw some light on the protocol used for transmission and on IP address details. Further analysis of process logs in the affected systems could throw some light on the process or application exploited by the malware.

Posted : 28/04/2021 12:10 pm
Active Member

If there is no first-hand evidence for a particular activity in host logs or from sniffing the device's communication, you'd usually go for a comparison of internal storage with known good samples. It also helps to get as much vendor knowledge as possible, obtain and reverse engineer firmware, updaters, device drivers...

Posted : 30/04/2021 9:32 pm
Active Member

Anything with software / firmware could potentially host malware and more advanced keyboards and mice certainly have firmware in them.

In practice, however, devices like keyboards and mice are programmed in the factory as the PCB (Printed Circuit Board) is being made. A device like a JTAG programmer is often used for programming, and the only way to update the programming is with physical access to the PCB and the right tools. There are some exceptions to this, however, where firmware updates can take place in the field. Here is an example of open source keyboard firmware.

you'd usually go for a comparison of internal storage with known good samples


Posted : 03/05/2021 5:30 am
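The comparison of internal storage with known good samples suggested in the thread can be sketched as below. This is an added example, not code from any poster: it assumes both images are raw flash dumps already read off the device and a reference unit, that erased flash reads as 0xFF, and that a 256-byte block is a sensible granularity; the sample bytes are constructed.

```python
import hashlib

BLOCK = 256    # comparison granularity; assumed, use the chip's page size
ERASED = 0xFF  # value of erased flash cells (assumed; typical for NOR/NAND)

def diff_regions(good: bytes, suspect: bytes, block: int = BLOCK):
    """Return merged (start, end) offsets of blocks that differ."""
    size = max(len(good), len(suspect))
    regions = []
    for off in range(0, size, block):
        if good[off:off + block] == suspect[off:off + block]:
            continue
        end = min(off + block, size)
        if regions and regions[-1][1] == off:   # extend the adjacent region
            regions[-1] = (regions[-1][0], end)
        else:
            regions.append((off, end))
    return regions

def classify(good: bytes, suspect: bytes, start: int, end: int) -> str:
    """Label a differing region so the reviewer can prioritise it."""
    g, s = good[start:end], suspect[start:end]
    if len(g) != len(s):
        return "size_mismatch"        # one dump is shorter than the other
    if g == bytes([ERASED]) * len(g):
        return "written_to_erased"    # data where the reference is blank
    if s == bytes([ERASED]) * len(s):
        return "erased"               # reference content wiped
    return "modified"

def compare(good: bytes, suspect: bytes) -> dict:
    """Hash both dumps, then list and classify every differing region."""
    findings = [(a, b, classify(good, suspect, a, b))
                for a, b in diff_regions(good, suspect)]
    return {"good_sha256": hashlib.sha256(good).hexdigest(),
            "suspect_sha256": hashlib.sha256(suspect).hexdigest(),
            "identical": good == suspect,
            "findings": findings}

# Constructed sample: 1 KiB of "code" followed by 1 KiB of erased flash.
GOOD = bytes(range(256)) * 4 + bytes([ERASED]) * 1024
_s = bytearray(GOOD)
_s[0x100:0x110] = b"\x00" * 16    # constructed in-place patch
_s[0x600:0x72C] = b"\x90" * 300   # constructed data in the blank area
SUSPECT = bytes(_s)

if __name__ == "__main__":
    for start, end, kind in compare(GOOD, SUSPECT)["findings"]:
        print(f"0x{start:04x}-0x{end:04x} {kind}")
```

Regions that hold per-unit data such as serial numbers or saved settings can differ between genuine devices, so each finding still has to be checked against what the vendor documentation or a second reference unit shows at that offset.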