USB thumb drive query

Sorry keydet89, I missed the other question as was in a rush working on another report.

I'm not sure I understand what you are asking here? I have checked the device on different machines to rule out something funky with my analysis machine. The second character (in disk view using Xways) is not a '&', it's an 'À'

Jaclaz, can't send a pic of the drive as it has client identifying information on it, but the below link is pretty much what it looks like. Just a standard black swivel generic sort of drive.

http//www.aliexpress.com/item-img/New-Arrival-USB-2-0-Flash-Memory-Stick-Jump-Drive-Fold-Pen-2GB-BLACK-Y559/501193314.html
The Vendor is listed as SMI Corporation
Vid_090c&Pid_1000

Just a standard black swivel generic sort of drive.

http//www.aliexpress.com/item-img/New-Arrival-USB-2-0-Flash-Memory-Stick-Jump-Drive-Fold-Pen-2GB-BLACK-Y559/501193314.html
The Vendor is listed as SMI Corporation
Vid_090c&Pid_1000

Well, those are "bulk-bulk", they are commercialized branded by *anyone* and it is thus very likely that a given "brand" or possibly just a single production "batch" has been initialized without a Serial Number (the SMI Manufacturer's Tool, like many other ones, provides alternatively NO Serial, Manual Serial, Autogenerated Incremental, Random - besides allowing for different serial number lengths).

So, no certainty whatever, only the confirmation that it is possible that it came "from the factory" without a Serial Number (unlikely but possible).
As a comparison if it was coming from a number of "well known" brands, I would have rated the possibility "very, very unlikely" or "nearly impossible".

jaclaz

I second what jaclaz just said.

When I have taken apart these flash drives, indeed they are "bulk-bulk". The exterior would be identical (other than the exterior markings, logos) but the interiors (PCB, chips, etc.) were different.

No problems, thanks for the extra info gents, let's hope they don't ask me to match that particular drive to a computer then )

I'm not sure I understand what you are asking here? I have checked the device on different machines to rule out something funky with my analysis machine. The second character (in disk view using Xways) is not a '&', it's an 'À'

Then, if you're referring to the device serial number, the device does have a serial number, and the question is moot.

The second character (in disk view using Xways) is not a '&', it's an 'À'

This sounds like you might be looking at the second byte of sector 0 on the disk, not the second character of the serial number. What is the second character of the serial number/device identifier that's recorded in the USBSTOR subkey of the machine(s) to which you've connected this device?

Related, in the spirit of contributing to clear the matter/misunderstandings, a couple of tools that might help Adam10541 in checking the relevant Registry keys
http//sourceforge.net/projects/usbhistory/
http//www.nirsoft.net/utils/usb_devices_view.html
http//www.nirsoft.net/utils/usb_log_view.html

And some reference
http//www.forensicfocus.com/Forums/viewtopic/t=9969/
http//www.msfn.org/board/topic/138563-usb-device-not-recognized/#entry888222

jaclaz