11FORENSIC TRACES OF ATTACHED PERIPHERAL DEVICES
In this chapter, peripheral devices refer to externally connected hardware such as storage, cameras, webcams, printers, scanners, mobile devices, and so on. We will try to identify and analyze these attached devices from traces in the logs and configuration files. From a forensics perspective, we are attempting to learn as much about the devices as possible; in particular, any unique identifying information and evidence of use. Knowing what devices were attached to a system and how they were used helps to reconstruct past events and activity.
You may notice the absence of Bluetooth devices in this ...
Get Practical Linux Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
