I have been doing forensic research on the Windows platform regarding USB storage logs in Windows. In Linux, I could not find specific details of pendrive or USB external storage device usage history. After spending some time googling, I came to find some entries in the /var/log/messages and /proc/scsi/usbstorage locations, but most of the entries are available only when you actually connect the pendrive, and when you remove the pendrive, the entries will be deleted. So I want to know of any tools or a specific script to find the locations of USB usage history, for example USB history dump for Windows.
Any suggestions in this regard are greatly appreciated.
Thanks in advance.
Depends upon the version of Linux and whether it supports udev or not, but two places to look:
1. The "dmesg" command prints out the kernel ring buffer, which is fairly large in modern Linux kernels. The ring buffer includes device detection methods.
2. Some Linuxes record this information in /etc/blkid.tab and /etc/blkid.tab.old, or for FHS-compliant Linuxes, /etc/blkid/blkid.tab and /etc/blkid/blkid.tab.old; however, there are some caveats
http//
Hello,
Entries for USB drives you can find in /var/log/messages or /var/log/kern.log. Older logs you can find in /var/log/messages.X[.gz] or /var/log/kern.log.X[.gz]. X stands for a number.
If KDE(4) is running, take a look at $HOME/.kde/share/config/kded_device_automounterrc. But there's no timestamp.
Dennis
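Added example, not part of any post in this thread: a parser for the kernel USB messages that the replies above locate in /var/log/messages and /var/log/kern.log, including rotated .gz copies. It assumes the classic syslog line format; the sample lines, the serial number and the function names are constructed for illustration.

```python
import gzip, re

# Constructed sample in classic syslog format (not taken from a real system).
SAMPLE = """\
Mar  3 10:15:01 lab kernel: [ 1234.56] usb 1-1: new high-speed USB device number 5 using ehci-pci
Mar  3 10:15:01 lab kernel: [ 1234.70] usb 1-1: New USB device found, idVendor=0781, idProduct=5567
Mar  3 10:15:01 lab kernel: [ 1234.71] usb 1-1: Product: Cruzer Blade
Mar  3 10:15:01 lab kernel: [ 1234.72] usb 1-1: SerialNumber: EXAMPLE0001
Mar  3 10:15:02 lab kernel: [ 1235.10] usb-storage 1-1:1.0: USB Mass Storage device detected
Mar  3 10:15:03 lab sshd[811]: Accepted publickey for analyst
Mar  3 10:20:11 lab kernel: [ 1544.00] usb 1-1: USB disconnect, device number 5
"""

# Groups: timestamp, driver (usb or usb-storage), bus-port path, message text.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ kernel: (?:\[[\s\d.]+\] )?"
                  r"(usb|usb-storage) ([\d.-]+)(?::[\d.]+)?: (.*)$")

def read_lines(path):
    """Yield text lines from a plain or rotated .gz log file."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        yield from fh

def usb_sessions(lines):
    """Return one record per USB mass-storage connect/disconnect session."""
    active, sessions = {}, []
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            continue  # not a kernel USB message
        ts, driver, port, msg = m.groups()
        if msg.startswith("new ") and "USB device number" in msg:
            active.pop(port, None)  # earlier session never logged a disconnect
        rec = active.get(port)
        if rec is None:  # also covers a log that begins mid-session
            rec = active[port] = {"port": port, "first_seen": ts, "removed": None, "storage": False}
            sessions.append(rec)
        ids = re.search(r"idVendor=(\w+), idProduct=(\w+)", msg)
        field = re.match(r"(Product|Manufacturer|SerialNumber): (.*)", msg)
        if ids:
            rec["vid_pid"] = f"{ids.group(1)}:{ids.group(2)}"
        elif field:
            rec[field.group(1)] = field.group(2)
        elif driver == "usb-storage":
            rec["storage"] = True
        elif msg.startswith("USB disconnect"):
            rec["removed"] = ts
            del active[port]
    return [s for s in sessions if s["storage"]]
```

To run it on a real file, pass `read_lines("/var/log/kern.log.1.gz")` (or any other rotated log) to `usb_sessions`. Classic syslog timestamps carry no year, so take the year from the log file's own metadata or rotation schedule when building a timeline.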
Thanks for the suggestions, but I could not find the automounterrc file in KDE. Any other location?