USBSTOR

Descriptions

Scans the registry for values relating to USB devices that have been plugged into the system.

Authors:

  • Kevin Breen
  • James Hall

Usage:

vol.py --plugins=plugindir --profile=Win7SP1x64 -f win7mem.img usbstor

Example output:

user@ubuntu:~/Desktop$ vol.py --plugins=/home/users/volatility_plugins --profile=Win7SP1x86 -f Win7-Analysis-1d23dece.vmem usbstor
Volatility Foundation Volatility Framework 2.5
Reading the USBSTOR Please Wait
Found USB Drive: AAA6O95BT0GDMPM0&0
    Serial Number:  AAA6O95BT0GDMPM0&0
    Vendor: SMI
    Product:    USB_DISK
    Revision:   1100
    ClassGUID:  USB_DISK

    ContainerID:    {638e1754-cecf-5255-8af3-cd6f1e1d51b0}
    Mounted Volume: \??\Volume{ffefd27e-110e-11e6-96bb-000c29a1e376}
    Drive Letter:   \DosDevices\E:
    Friendly Name:  SMI USB DISK USB Device
    USB Name:   E:\
    Device Last Connected:  2016-05-10 15:01:22 UTC+0000

    Class:  DiskDrive
    Service:    disk
    DeviceDesc: @disk.inf,%disk_devdesc%;Disk drive
    Capabilities:   16
    Mfg:    @disk.inf,%genmanufacturer%;(Standard disk drives)
    ConfigFlags:    0
    Driver: {4d36e967-e325-11ce-bfc1-08002be10318}\0002
    Compatible IDs:
        USBSTOR\Disk
        USBSTOR\RAW


    HardwareID:
        USBSTOR\DiskSMI_____USB_DISK________1100
        USBSTOR\DiskSMI_____USB_DISK________
        USBSTOR\DiskSMI_____
        USBSTOR\SMI_____USB_DISK________1
        SMI_____USB_DISK________1
        USBSTOR\GenDisk
        GenDisk


Windows Portable Devices
    FriendlyName:   E:\
    Serial Number:  4C531001611013119473&0
    Last Write Time:    2016-09-24 17:03:29 UTC+0000


Unified output is also available.
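
Added example (not part of the plugin or its original README): a Python sketch that parses the text output shown above into one dictionary per device and checks that the reported Vendor, Product and Revision agree with the fixed-width fields of the first HardwareID entry. The function names and the embedded sample are constructed for illustration, and the 8/16/4 character field widths are an assumption that matches the sample output above.

```python
# Constructed sample: a trimmed copy of the plugin's text output shown above.
SAMPLE = r"""Found USB Drive: AAA6O95BT0GDMPM0&0
    Serial Number:  AAA6O95BT0GDMPM0&0
    Vendor: SMI
    Product:    USB_DISK
    Revision:   1100
    Drive Letter:   \DosDevices\E:
    HardwareID:
        USBSTOR\DiskSMI_____USB_DISK________1100
        USBSTOR\GenDisk
Windows Portable Devices
    Serial Number:  4C531001611013119473&0
"""

def parse_usbstor(text):
    """Return one dict per 'Found USB Drive' block; multi-line fields become lists."""
    devices, cur, lst, lst_indent = [], None, None, 0
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip())
        if line.startswith("Found USB Drive:"):
            cur, lst = {"Device": line.split(":", 1)[1].strip()}, None
            devices.append(cur)
        elif not line.strip():
            continue
        elif indent == 0 or cur is None:
            cur = None  # other sections (Windows Portable Devices) are not merged in
        elif lst is not None and indent > lst_indent:
            cur[lst].append(line.strip())
        else:
            key, _, val = line.strip().partition(":")
            lst, lst_indent = (None, 0) if val.strip() else (key, indent)
            cur[key] = val.strip() or []
    return devices

def decode_hardware_id(hwid):
    """Split <type><vendor:8><product:16><revision:4>; None if the ID is shorter."""
    body = hwid.rpartition("\\")[2]
    if len(body) <= 28:
        return None
    t, v, p, r = body[:-28], body[-28:-20], body[-20:-4], body[-4:]
    return {"Type": t, "Vendor": v.rstrip("_"), "Product": p.rstrip("_"), "Revision": r}

def mismatches(dev):
    """Names of reported fields that disagree with the first HardwareID entry."""
    decoded = decode_hardware_id((dev.get("HardwareID") or [""])[0])
    if decoded is None:
        return ["HardwareID"]
    return [k for k in ("Vendor", "Product", "Revision") if dev.get(k) != decoded[k]]
```

An empty list from `mismatches()` means the registry-derived fields are internally consistent for that device; the Windows Portable Devices serial is deliberately kept out of the USBSTOR record so the two serial numbers can be compared separately.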