Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This tools is designed to be able to gather USB-related artifacts from Windows machines. Also script is designed to correlate these informations. So far this is only a collector for Windows evtx-based information.

The following sources are going to be checked and collected in the future by the script:

- Windows events (evtx files)
- Registry files
- Other artifacts (LNK files, Recent files, etc)
- file

Content of event_collector folder:

- separate Powershell script for each event sources I investigated -> use this if you only want to collect some, but not all of the mentioned events
- a common owershell script that collects every investigated events named usbLogCollector.ps1 -> use this if you want to collect every events from the related blog post
You can’t perform that action at this time.