Re: [sleuthkit-users] USB setupapi disk image
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] USB setupapi disk image
|
From: Kalin K. <me....@gm...> - 2015-07-28 15:23:33
|
On Jul 29, 2015 12:03 AM, "Sarah Ash" <sa...@ny...> wrote: > > For my digital forensics course, I am developing an Autopsy Python plugin that analyzes USB device history. I haven't yet located a sample forensics disk image that contains a setupapi log. The setupapi log would tell you when a USB device history was first installed. Any help locating a disk image would be greatly appreciated! > Why not create one ? Just a fresh install is fine, plug some USB storage devices and you are done. Since you will be focusing on file contents, AFAU, you can create a new small filesystem and copy only the files your module operates on. Kalin. |
