usbrip
GPL-3.0 · 🔬 Digital Forensics · Python
usbrip is a forensic tool for Linux systems that tracks the complete history of USB device connections by parsing system log files and generating detailed reports of all USB events. It extracts device identifiers including vendor ID, product ID, serial number, manufacturer, and connection timestamps, storing them in a searchable database for historical analysis. Digital forensics investigators and incident responders use usbrip to determine which USB devices were connected to a system, when they were connected, and whether any unauthorized storage devices were used to exfiltrate data. The tool can generate violation reports by comparing connected devices against a whitelist of authorized USB hardware, and exports results in JSON format for integration with broader forensic analysis workflows.
Details
- Category: 🔬 Digital Forensics
- Language: Python
- Repository: snovvcrash/usbrip
- License: GPL-3.0
- Platforms: 🐧 linux
More in Digital Forensics
Volatility 3
Python · Advanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.
Autopsy
Java · Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.
Ghidra
Java · NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.
Binwalk
Python · Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.
YARA
C · Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.
Velociraptor
Go · Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.