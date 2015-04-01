



USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS (Vista and later).

Note: USBTracker read some protected log files and needs to be run with administrator permissions. The most simple way to run USBTracker is to launch a CMD or Powershell console with a right click "run as administrator", then execute the script/exe inside it.





If you don't have a python distribution installed on the computer you want to analyze with USBTracker, you can also download an *.exe "compiled" version with PyInstaller of the script from the repository.





It uses a Python module called Python-evtx. So, don't forget to install it before using the USBTracker.




