USBSTOR

Description

Scans the registry for values relating to USB devices that have been plugged into the system.

Authors:

  • Kevin Breen
  • James Hall

Usage:

vol.py --plugins=plugindir --profile=Win7SP1x64 -f win7mem.img usbstor

Example output:

user@ubuntu:~/Desktop$ vol.py --plugins=/home/users/volatility_plugins --profile=Win7SP1x86 -f Win7-Analysis-1d23dece.vmem usbstor
Volatility Foundation Volatility Framework 2.5
Reading the USBSTOR Please Wait
Found USB Drive: AAA6O95BT0GDMPM0&0
	Serial Number:	AAA6O95BT0GDMPM0&0
	Vendor:	SMI
	Product:	USB_DISK
	Revision:	1100
	ClassGUID:	USB_DISK

	ContainerID:	{638e1754-cecf-5255-8af3-cd6f1e1d51b0}
	Mounted Volume:	\??\Volume{ffefd27e-110e-11e6-96bb-000c29a1e376}
	Drive Letter:	\DosDevices\E:
	Friendly Name:	SMI USB DISK USB Device
	USB Name:	E:\
	Device Last Connected:	2016-05-10 15:01:22 UTC+0000

	Class:	DiskDrive
	Service:	disk
	DeviceDesc:	@disk.inf,%disk_devdesc%;Disk drive
	Capabilities:	16
	Mfg:	@disk.inf,%genmanufacturer%;(Standard disk drives)
	ConfigFlags:	0
	Driver:	{4d36e967-e325-11ce-bfc1-08002be10318}\0002
	Compatible IDs:
		USBSTOR\Disk
		USBSTOR\RAW
		
		
	HardwareID:
		USBSTOR\DiskSMI_____USB_DISK________1100
		USBSTOR\DiskSMI_____USB_DISK________
		USBSTOR\DiskSMI_____
		USBSTOR\SMI_____USB_DISK________1
		SMI_____USB_DISK________1
		USBSTOR\GenDisk
		GenDisk
		
		
Windows Portable Devices
	FriendlyName:	E:\
	Serial Number:	4C531001611013119473&0
	Last Write Time:	2016-09-24 17:03:29 UTC+0000


Unified output is also available.
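The Vendor, Product and Revision fields in the example output can be cross-checked against the longest HardwareID string, which packs them at fixed widths. The following is an added example, not part of the plugin: the function names are hypothetical, and the 8/16/4 field widths and the second-character `&` rule are general Windows PnP behaviour rather than something stated in this README.

```python
# Added example (not from usbstor.py): decode USBSTOR identifiers as they
# appear in the plugin output. Function names are hypothetical.

PREFIX = "USBSTOR\\"
# Assumption (Windows PnP convention, not stated in the README): the longest
# hardware ID is <type><vendor:8><product:16><revision:4>, padded with "_".
VENDOR_LEN, PRODUCT_LEN, REV_LEN = 8, 16, 4
FIXED_LEN = VENDOR_LEN + PRODUCT_LEN + REV_LEN


def decode_hardware_id(hwid):
    """Return type/vendor/product/revision for a full USBSTOR hardware ID.

    Shorter, less specific IDs (e.g. USBSTOR\\GenDisk) return None.
    """
    if not hwid.upper().startswith(PREFIX):
        return None
    body = hwid[len(PREFIX):]
    dev_type, packed = body[:-FIXED_LEN], body[-FIXED_LEN:]
    if not dev_type.isalpha() or len(packed) != FIXED_LEN:
        return None
    vendor = packed[:VENDOR_LEN]
    product = packed[VENDOR_LEN:VENDOR_LEN + PRODUCT_LEN]
    revision = packed[VENDOR_LEN + PRODUCT_LEN:]
    return {
        "type": dev_type,
        "vendor": vendor.rstrip("_"),    # padding only; inner "_" is kept
        "product": product.rstrip("_"),
        "revision": revision.rstrip("_"),
    }


def parse_instance_id(instance_id):
    """Split 'SERIAL&N' and flag serials that Windows generated itself.

    Assumption: an '&' as the second character means the device reported no
    unique serial, so the value cannot tie one physical drive to many hosts.
    """
    generated = len(instance_id) > 1 and instance_id[1] == "&"
    serial, sep, _ = instance_id.rpartition("&")
    return (serial if sep else instance_id), generated


if __name__ == "__main__":
    # Values copied from the example output above.
    print(decode_hardware_id("USBSTOR\\DiskSMI_____USB_DISK________1100"))
    print(parse_instance_id("AAA6O95BT0GDMPM0&0"))
```

A mismatch between the decoded fields and the values reported under Vendor, Product or Revision is worth a second look before relying on the entry in a timeline.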