3/10/2024

Change volume serial number linux

In my opinion this is a good thing from a forensics standpoint; would we really want to be chasing down another USB device that has memory artefacts on it? I personally would rather have as much evidence in one place as possible.

We will be looking in the EMDMgmt key for the Volume Serial Number. According to this TechNet blog around Windows Vista, this key is where the operating system stores details regarding “ReadyBoost”. The idea behind ReadyBoost was to use external USB devices as additional memory to increase performance.

We are now going to move on to the Volume Serial Number. This is created by Windows Vista and later operating systems each time the device is formatted.

So far we have managed to get details of two devices which have been connected to our image.

On to Part 4 of our ongoing discoveries about USB forensics.
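The Volume Serial Number lookup in the EMDMgmt key described above, as an added example that is not part of the original post. It assumes the EMDMgmt subkey name ends with the device class GUID, the volume label, an underscore and the serial in decimal (a layout the post does not spell out), and converts the serial to the `XXXX-XXXX` hex form used elsewhere on Windows; the key names below are constructed.

```python
import re

# Assumed EMDMgmt subkey-name layout (not stated in the post):
#   <device instance path>{<device class GUID>}<volume label>_<serial in decimal>
_SUBKEY = re.compile(
    r"^(?P<device>.*)\{(?P<guid>[0-9A-Fa-f-]{36})\}(?P<label>.*)_(?P<vsn>\d+)$"
)

def parse_emdmgmt_subkey(name):
    """Return device path, volume label and serial for one subkey name, or None."""
    m = _SUBKEY.match(name)
    if m is None:
        return None
    vsn = int(m.group("vsn"))
    if vsn > 0xFFFFFFFF:  # a volume serial number is a 32-bit value
        return None
    hex8 = f"{vsn:08X}"  # zero-pad so short serials still give XXXX-XXXX
    return {
        "device": m.group("device").rstrip("#"),
        "label": m.group("label"),  # may be empty or contain underscores
        "vsn_decimal": vsn,
        "vsn_hex": f"{hex8[:4]}-{hex8[4:]}",
    }

def parse_all(names):
    """Parse many subkey names, separating usable entries from malformed ones."""
    parsed, rejected = [], []
    for name in names:
        entry = parse_emdmgmt_subkey(name)
        if entry is None:
            rejected.append(name)
        else:
            parsed.append(entry)
    return parsed, rejected

# Constructed sample subkey names (not taken from a real image).
SAMPLE_SUBKEYS = [
    "_??_USBSTOR#Disk&Ven_Example&Prod_Flash_Drive&Rev_1.00#0123456789ABCDEF&0#"
    "{53f56307-b6bf-11d0-94f2-00a0c91efb8b}CASE_DATA_439041101",
    "_??_USBSTOR#Disk&Ven_Example&Prod_Stick&Rev_2.00#FEDCBA9876543210&0#"
    "{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_74565",
    "not-an-emdmgmt-entry",
]

if __name__ == "__main__":
    entries, bad = parse_all(SAMPLE_SUBKEYS)
    for e in entries:
        print(f'{e["vsn_hex"]}  label={e["label"]!r}  device={e["device"]}')
    print(f"{len(bad)} malformed name(s) skipped")
```

The hex form is what lets the serial be matched against other artefacts that record it, so two devices with the same label can still be told apart.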