usbrip

usbrip is a command-line forensics tool for tracking the artifacts that USB devices leave behind. It is written in Python 3.

It analyzes logs to build tables of events that may contain the following information: date and time of device connection, user, vendor ID, product ID, etc.

In addition, the tool can:

  • export the collected information as a JSON dump;
  • generate a list of authorized (trusted) USB devices in the form of JSON;
  • detect suspicious events associated with devices that are not in the list of authorized devices;
  • create encrypted vaults (7zip archives) for automatic backup (this is possible when installed with the -s flag);
  • search for additional information about a specific USB device by its VID and/or PID.
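
The allowlist check from the list above, sketched as an added Python example (this is not usbrip's own code, log parser or file format). The log lines are constructed samples in the kernel's "New USB device found" message format; the function names and the allowlist structure are assumptions made for illustration.

```python
import re

# Constructed sample syslog lines in the kernel's USB message format.
SAMPLE_LOG = """\
Mar  3 10:15:02 host kernel: [  101.100000] usb 1-1: new high-speed USB device number 4 using xhci_hcd
Mar  3 10:15:02 host kernel: [  101.250000] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar  3 10:15:02 host kernel: [  101.250100] usb 1-1: Product: Cruzer Blade
Mar  3 10:20:41 host kernel: [  440.000000] usb 1-1: USB disconnect, device number 4
Mar  3 11:02:17 host kernel: [ 2955.500000] usb 2-3: New USB device found, idVendor=abcd, idProduct=1234
Mar  3 11:02:17 host kernel: [ 2955.500100] usb 2-3: Product: Unknown Stick
"""

FOUND = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:.*?usb (?P<port>[\d.-]+): "
    r"New USB device found, idVendor=(?P<vid>[0-9a-fA-F]{4}), "
    r"idProduct=(?P<pid>[0-9a-fA-F]{4})"
)
PRODUCT = re.compile(r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")


def parse_events(log_text):
    """Return one dict per connection event, in log order."""
    events, pending = [], {}  # pending: port -> latest event awaiting details
    for line in log_text.splitlines():
        m = FOUND.match(line)
        if m:
            event = {"ts": m["ts"], "port": m["port"], "vid": m["vid"].lower(),
                     "pid": m["pid"].lower(), "product": None}
            events.append(event)
            pending[m["port"]] = event
            continue
        m = PRODUCT.search(line)
        if m and m["port"] in pending:
            pending[m["port"]]["product"] = m["name"].strip()
    return events


def find_violations(events, authorized):
    """Events whose (vid, pid) pair is missing from the allowlist."""
    allowed = {(v.lower(), p.lower()) for v, p in authorized}
    return [e for e in events if (e["vid"], e["pid"]) not in allowed]


if __name__ == "__main__":
    AUTHORIZED = {("0781", "5567")}  # hypothetical allowlist of trusted devices
    for e in find_violations(parse_events(SAMPLE_LOG), AUTHORIZED):
        print(f'{e["ts"]}  {e["vid"]}:{e["pid"]}  {e["product"]}  NOT AUTHORIZED')
```

A VID/PID pair identifies a device model rather than an individual unit, so an allowlist keyed on it alone treats every device of a trusted model as trusted.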

Source: linux.org.ru
