Hello
I need some information about the registry structure of Windows 7. When I attach a USB flash drive to a PC with Windows 7 installed, the flash drive leaves some traces. Could you tell me which traces they are and where they are located?
Any info, book, article, etc. will be very helpful.
Thanks.
Windows Forensic Analysis by Harlan Carvey pp.155-159 has some good info - I presume this is followed up to at least some extent in his new book Windows Registry Analysis, that I have not had the pleasure of reading yet.
There is however plenty of info if you search for 'USBSTOR' (this is the name of one of the keys in the SYSTEM hive that record information about removable devices), I am sure there is plenty written on the subject.
The program USBDeview is good, as is RegRipper (again, written by Harlan) when you run the SOFTWARE plugin against the SOFTWARE hive file.
Hope that helps!
Regards,
Joe
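Added example, not part of the original posts or of any tool named above: a small Python parser that splits USBSTOR key paths into device class, vendor, product, revision and instance ID. The sample paths are constructed, and the `Enum\USBSTOR\<Type>&Ven_..&Prod_..&Rev_..\<instance>` layout and the rule that an instance ID with `&` as its second character was generated by Windows (the device reported no serial of its own) are stated from general knowledge of the SYSTEM hive, not from this thread.

```python
import re

# Constructed sample key paths, as they might appear in a text listing
# of an offline SYSTEM hive. None of these values come from a real case.
SAMPLE_KEYS = [
    r"ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26\4C530001230415117322&0",
    r"ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a4c9e1f&0",
    r"ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.26",  # class key only
    r"ControlSet001\Enum\USB\VID_0781&PID_5567\4C530001230415117322",           # not USBSTOR
]

# Device class key followed by exactly one instance subkey.
USBSTOR_RE = re.compile(
    r"\\Enum\\USBSTOR\\(?P<dev_type>[^&\\]+)"
    r"&Ven_(?P<vendor>[^&\\]*)&Prod_(?P<product>[^&\\]*)&Rev_(?P<revision>[^&\\]*)"
    r"\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)

def parse_usbstor_key(path):
    """Return a dict describing one USBSTOR instance key, or None if the
    path is not a USBSTOR device instance."""
    m = USBSTOR_RE.search(path)
    if m is None:
        return None
    rec = m.groupdict()
    instance = rec["instance"]
    # '&' as the second character marks an ID generated by Windows, so it
    # cannot be used to match the same stick across different machines.
    rec["unique_serial"] = not (len(instance) > 1 and instance[1] == "&")
    # A device-supplied serial is stored with a trailing '&<n>' suffix.
    rec["serial"] = instance.rsplit("&", 1)[0] if rec["unique_serial"] else None
    return rec

def list_devices(paths):
    """Parse every path and keep only the USBSTOR device instances."""
    return [rec for rec in map(parse_usbstor_key, paths) if rec is not None]

if __name__ == "__main__":
    for dev in list_devices(SAMPLE_KEYS):
        print(dev["vendor"], dev["product"], dev["revision"],
              dev["serial"] or "(no unique serial: %s)" % dev["instance"])
```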
Rob Lee from SANS did a great writeup about this a year or 2 back. I was working up my own materials on this at the time, but after Rob put his up, I just started linking to him. LMGTFY
http//
http//
Thanks, everybody.
All the info is very good. I will read all of it.