Explore USB flash drive forensics in this 57-minute conference talk from 44CON 2011. Delve into the history of USB technology, hardware and software components of flash drives, file systems, and Windows-specific considerations. Learn about write blockers, the Windows registry, and USB device viewing tools. Discover forensic techniques for storage media analysis, including sector-by-sector copying and command block operations. Examine the FTDI block diagram, IDE interface, and Guzzi commands. Gain insights into device power management, user-friendly implementations, and the concept of a USB write blocker. Consider future directions, potential challenges, and the role of the Open Source Cyber Forensics Association in this field.
Overview
Syllabus
Intro
Overview
The IT Crowd
USB History
Hardware
Software
Flash Drive Hardware
Flash Drive Software
File Systems
Windows
Write blocker
Windows registry
USB Device View
Results
Forensics
Storage Media
FTDI
Block Diagram
IDE
IO
Sectorbysector copy
Command block
Guzzi commands
Status wrapper
Code
Device
Power
Userfriendly
Puzzle tin
USB write blocker
Future directions
Possible problems
Open Source Cyber forensics Association
References
Taught by
44CON Information Security Conference
