6 Minutes

The proliferation of USB devices not only is an added convenience to users but also a hindrance to network and information security and as a result can be used for nefarious purposes. This is why having the ability to examine USB device history and files are critical to digital forensic investigations. This assignment will walk through the basic forensic examination process of how to examine USB drive artifacts.  

This assignment was performed using Windows 10 running as a virtual machine inside of VMware Fusion 8 hypervisor on macOS Sierra as the host operating system. The first step is to wipe the hard drive clean in order to achieve uncontaminated results during our experiment. After a short search, I decided to use a freeware program called “Disk Wipe v1.7”. For the sake of time, I decided to wipe the USB drive using the one pass zero option, which basically write a pattern of zeroes across the entire drive’s files system ensuring that no remnants of any prior data remains.

Continue reading →