Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, …) on USB copy or open.
Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, …) on USB copy or open.
ShellBags! MFT! LNK! Memory Dumps! Hyberfil! Pagefile! So many options here….!
Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, …) on USB copy or open.
A few examples
http//
https://
Is there any method or tool witch allowed to monitor activity on USB? With activity I mean if you can by any chance see if was file (pdf, jpeg, doc, etc, …) on USB copy or open.
Just to clear your question (that has already been read and thus answered differently) are you asking about
1) "monitor" PAST activity (i.e. interpreting logs and artifacts created by default and standard OS, which is what Bunnysniper and Mreza referenced)
2) "monitor" CURRENT activity (i.e. recording what goes through the USB bus which is what AmNe5iA referenced)
jaclaz
Hello Agent47,
Unsure if you've already found your solution but can tell you that W4 by Vound can provide you the information you're requesting.
W4 has a nice feature called "Links". For example, you can see your document and all of the other artifacts linked to it such as usb drives, user accounts, etc.
Thanks
CM