Hi, I created a lil tool (as part of my university coursework) that takes a USB memory stick device's unique instance ID and then can be implemented on 'live' machines using this information to detect the device's presence and last and first plug-in dates. My angle was that the tool could be used in corporate environments where 100s of computers were potentially involved. Currently this tool only detects devices on Windows operating systems, but I need to justify its usefulness. I am sure there are thousands of tools out there that can do this but I haven't found any applications that do so "hopefully" I was just after your opinions as to whether I have created something useful! (Then maybe I could prove/disprove my tool's worth to my lecturer!!) Any thoughts on the tool or references to existing tools would be helpful and I would be grateful! I was thinking that maybe if I expanded this type of detection into Linux OSes it may become more useful?
Thanks
Sounds like it could be useful. Are you going to make it available to the good folk of Forensic Focus to test?
Yes, I could do that; it comes as part of a set of tools which I grouped together for my project for examining USB memory sticks. I "hope" it doesn't contain too many bugs!
I get a kick hearing *only on Windows* … you've only got 90% of the market cornered. 😉 …and that other 10%, the *nix market, that's the easy coding.
Sounds very interesting; best of luck, and I hope to see a beta link soon!
=)
The coding for Windows is really very easy…