USB Detective

Detect. Investigate. Report.

Thorough Detection

USB Detective incorporates dozens of data points to identify and correlate USB device artifacts.

Intelligent Investigation

USB Detective organizes its findings to allow you to quickly identify misleading timestamps and streamline the investigation process.

Pragmatic Reporting

Multiple reporting mechanisms allow for easily digested Excel reports or verbose reports for deeper analysis and research.


Highlighted Features

  • Processes USB device artifacts from Windows XP through Windows 11
  • Support for live system, individual files/folders, and logical drive processing
  • Processes multiple versions of all accepted artifacts
  • Source of every identified value preserved for later reporting and documentation
  • Leverage the latest changes in Windows to obtain even more device information
  • Visually represented timestamp consistency levels
  • Dozens of sources queried for USB device information
  • Automatically correlates LNK file and jump list records to show opened/accessed files on USB devices
  • Processes shellbags to reveal directory interactions and creations on removable media

Additional Features

    • Create Excel spreadsheets for high-level USB device history reports
    • Create verbose reports for deeper analysis and research
    • Create timelines including all unique connection/disconnection and deletion timestamps for each device
    • Create individual device timelines for all unique connection/disconnection timestamps for a single device
    • Add LNK file and jump list activity to reports to provide deeper insight into user activity
    • Identify device removal time(s) from device cleanup in Windows 10
    • Identify encryption type for encrypted devices
    • Identify multiple connection and disconnection times for each device
    • Leverage Windows event logs for improved correlation and device history
    • Replay registry transaction logs to identify device data not yet written to the primary hive
    • Automatically process and aggregate data from volume shadow copies
    • Identify devices even after they’re removed via Windows 10 device cleanup or feature update
    • Queried data points adjusted based on automatic OS version detection
    • Automatic checking and exclusion of unreliable timestamps
    • Search mounted forensic image instead of individual files/folders
    • Automatic detection of system timezone
    • Normalize local and UTC timestamps using system timezone
    • Alerts for suspicious timestamps
    • Correlation using multiple data points (device serial, disk ID, etc.)
    • Advanced correlation of external hard drives
    • Advanced correlation for Apple devices
    • Identify prior volume names and serial numbers for formatted devices
    • Settings from prior session automatically reloaded
    • Search all control sets of all provided SYSTEM hives
    • Adjust consistency level threshold
    • And much more…

    Enterprise licenses are also available.  For more information, submit a request using the Contact page.

    Special pricing for law enforcement agencies is available.  Please submit a request from your agency email address for more information.


    USB Detective is brilliant!

    "USB Detective is brilliant! I love how it correlates the artifacts from registry hives, jumplists, LNK files, etc!"

    Arman Gungor
    Director of Forensics
    Meridian Discovery

     

    Rating: 5 (2019-10-11)

    “Your software has been a game changer!”

    "Your software has been a game changer for how quickly we can discover data loss/leakage. Many thanks for creating such an awesome tool!"

    Safety & Security
    Semi-Conductor Company

    Rating: 5 (2019-10-17)

    “USB Detective is the most comprehensive review of USB artifacts I have seen.”

    "I have been researching USB artifacts since Windows XP and presenting on USB forensic artifacts since 2007. I have looked at several products but USB Detective is the most comprehensive review of USB artifacts I have seen. Well done, thank you! This will save us a lot of time."

    Colin Cree
    Director
    EFS e-Forensic Services Inc.

    Rating: 5 (2021-06-03)

    “If you do forensics in support of IP theft involving USB devices, you need USB Detective!”

    "If you do forensics in support of IP theft involving USB devices, you need USB Detective! Comparing the timeline information provided by USB Detective to one of the leading commercial tool's USB report, USB Detective is the hands down winner."

    Greg Freemyer
    Director of Forensics and Disputes
    SullivanStrickler, LLC

    Rating: 5 (2018-08-15)

    “Perfect for court!”

    "This is fantastic and perfect for court! I love that it not only gives a great summary of the USB analysis but it also gives you a detailed log of the forensic artifacts it is using to give you the information for each device. It follows Rule 702 of expert witness testimony!"

    Ovie

    Rating: 5 (2018-08-15)

    “Exactly what we were looking for!”

    "After testing several USB forensic tools, all of which were inadequate in some area, I discovered USB Detective. This tool turned out to be exactly what we were looking for. It’s fast, accurate and has great detailed reporting options. I really like the timestamp consistency levels. It’s by far one of the best USB forensic tools available. I highly recommend."

    Dallas Jordan
    Forensic Analyst
    General Atomics

    Rating: 5 (2019-02-10)

    “This is a great tool!”

    "The other tools I tried (including two major commercial suites) did not find the critical USB device at all, but USB Detective did. This is a great tool!"

    Stein Hajek
    Senior Solutions Consultant
    Inventus, LLC

    Rating: 5 (2018-07-16)