USBTracker is a quick & dirty incident response and forensics Python script that dumps USB-related information and artifacts from a Windows OS (Vista and later).
USBTracker reads some protected log files and needs to be run with administrator permissions. The simplest way to run USBTracker is to launch a CMD or PowerShell console with a right click “Run as administrator”, then execute the script inside it.
Executable version:
If you don’t have a Python distribution installed on the computer you want to analyze with USBTracker, you can also download an .exe version of the script, “compiled” with PyInstaller, from the repository.
USBTracker is developed with Python 2.7 and has not been tested with other Python versions. It uses the great Python module Python-evtx by Willi Ballenthin, so please don’t forget to install it before using USBTracker.
Usage: usbtracker.exe -h