usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI that lets you keep track of USB device artifacts (that is, USB event history: "Connected" and "Disconnected" events) on Linux machines.

Description

usbrip is a small piece of software written in pure Python 3 (it uses some external modules, see Dependencies/PIP) that parses Linux log files (/var/log/syslog* or /var/log/messages*, depending on the distro) to construct USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).

It can also:

- export the gathered information as a JSON dump (and open such dumps, of course);
- generate a list of authorized (trusted) USB devices as JSON (call it auth.json);
- search for "violation events" based on auth.json: show (or generate another JSON with) USB devices that do appear in the history and do NOT appear in auth.json;
- (when installed with the -s flag) create encrypted storages (7zip archives) to automatically back up and accumulate USB events with the help of the crontab scheduler;
- search for additional details about a specific USB device based on its VID and/or PID.

Quick Start

usbrip is available for download and installation at PyPI:

    ~$ pip3 install usbrip
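The two steps described above, building an event history from kernel USB log lines and flagging devices that are absent from a trusted list, can be sketched as follows. This is an added example, not usbrip's own code: the log sample is constructed, and the allowlist layout and the names parse_history and violations are assumptions.

```python
import re

# Constructed sample of kernel USB messages in syslog format (not real data).
SAMPLE_LOG = """\
Mar  3 09:14:01 host kernel: [  101.100000] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar  3 09:14:01 host kernel: [  101.100100] usb 1-2: Product: Cruzer Blade
Mar  3 09:14:01 host kernel: [  101.100200] usb 1-2: Manufacturer: SanDisk
Mar  3 09:14:01 host kernel: [  101.100300] usb 1-2: SerialNumber: SAMPLE0001
Mar  3 09:20:45 host kernel: [  505.000000] usb 1-2: USB disconnect, device number 4
Mar  3 11:02:10 host kernel: [ 6600.000000] usb 2-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar  3 11:02:10 host kernel: [ 6600.000100] usb 2-1: SerialNumber: SAMPLE0002
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: "
                  r"(?:\[\s*[\d.]+\] )?usb (?P<port>[\d.-]+): (?P<msg>.*)$")
FOUND = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")
FIELD = re.compile(r"^(Product|Manufacturer|SerialNumber): (.*)$")
COLUMN = {"Product": "product", "Manufacturer": "manufacturer", "SerialNumber": "serial"}

def parse_history(text):
    """One row per connect event; details and disconnect time are matched by port."""
    rows, open_by_port = [], {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a kernel USB line
        ts, port, msg = m["ts"], m["port"], m["msg"]
        if (f := FOUND.search(msg)):
            row = {"connected": ts, "port": port, "vid": f[1], "pid": f[2], "product": None,
                   "manufacturer": None, "serial": None, "disconnected": None}
            rows.append(row)
            open_by_port[port] = row
        elif port in open_by_port:
            if (d := FIELD.match(msg)):
                open_by_port[port][COLUMN[d[1]]] = d[2]
            elif msg.startswith("USB disconnect"):
                # A device still plugged in (or cut off by log rotation) keeps None here.
                open_by_port.pop(port)["disconnected"] = ts
    return rows

def violations(rows, trusted, keys=("vid", "pid", "serial")):
    """Rows whose (vid, pid, serial) tuple matches no entry of the trusted list."""
    allowed = {tuple(t.get(k) for k in keys) for t in trusted}
    return [r for r in rows if tuple(r[k] for k in keys) not in allowed]

# Hypothetical allowlist layout; usbrip's real auth.json format may differ.
TRUSTED = [{"vid": "0781", "pid": "5567", "serial": "SAMPLE0001"}]
```

Matching on the serial number as well as VID/PID matters because two sticks of the same model share VID and PID; a device that reports no serial number can only be matched on the weaker pair.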