USBTracker is a quick-and-dirty incident response and forensics Python script that dumps USB-related information and artifacts from a Windows OS (Vista and later).

Sample Screen Capture : USBTracker v-1.0.0

Special recommendations:
USBTracker reads some protected log files and needs to be run with administrator permissions. The simplest way to run USBTracker is to launch a CMD or PowerShell console with a right click “run as administrator”, then execute the script inside it.

Executable version :
If you don’t have a Python distribution installed on the computer you want to analyze with USBTracker, you can also download an .exe version of the script, “compiled” with PyInstaller, from the repository.

Dependencies :
USBTracker is developed with Python 2.7 and has not been tested with other Python versions. It uses the great Python module Python-evtx by Willi Ballenthin, so please don’t forget to install it before using USBTracker.

Usage : usbtracker.exe -h

Download : usbtracker-master.zip (4.0 MB)
Source: https://github.com/sysinsider