Skip to content
No description, website, or topics provided.
PowerShell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
event_collector
LICENSE
README.md

README.md

usb_investigator

This tools is designed to be able to gather USB-related artifacts from Windows machines. Also script is designed to correlate these informations. So far this is only a collector for Windows evtx-based information.

The following sources are going to be checked and collected in the future by the script:

- Windows events (evtx files)
- Registry files
- Other artifacts (LNK files, Recent files, etc)
- setupAPI.dev.log file

Content of event_collector folder:

- separate Powershell script for each event sources I investigated -> use this if you only want to collect some, but not all of the mentioned events
- a common owershell script that collects every investigated events named usbLogCollector.ps1 -> use this if you want to collect every events from the related blog post
You can’t perform that action at this time.