USB Forensics: Fundamentals

Pluralsight
Course Summary
This course covers the basics of how USB devices work. The course emphasis is on USB mass storage devices, which are nearly always part of a forensic investigation.
Course Description
This course is the first in a series to cover USB in depth. Throughout the series, emphasis will be placed on USB mass storage devices, which are nearly always a part of forensic investigations. USB Human Interface Devices (HID) will also be discussed, as they are used in a number of attacks. This course covers the fundamentals of how USB devices interact with hosts. The course should be valuable not only to forensics and information security professionals, but to anyone wanting a deeper understanding of how USB works under the covers.
Course Syllabus
Getting Started- 39m 2s
—Motivation 5m 34s
—Lsusb Demo 4m 50s
—USB Hardware 6m 41s
—USBMon and Wireshark Demo 6m 1s
—USB Descriptors 9m 29s
—Descriptors Demo and Summary 6m 23s
Endpoints, Classes, and Commands- 21m 48s
—Control Endpoints 3m 34s
—Control Endpoint Demo 5m 9s
—Interrupt and Isochronous Endpoints 4m 21s
—Bulk Endpoints 3m 28s
—Commands 5m 15s
Hosts and Hubs- 10m 27s
USB Mass Storage Descriptors, Endpoints, and Device Presentation- 19m 37s
USB Mass Storage Communication and Windows Specific Behavior- 22m 9s
USB Human Interface Devices- 16m 16s