ABSTRACT: The rapid adoption of portable USB storage devices has significantly improved data portability and operational convenience. However, these devices have also become one of the major sources of cybersecurity threats, including malware propagation, unauthorized data transfer, insider attacks, and digital evidence tampering. Traditional endpoint security solutions primarily focus on antivirus protection and network-based defenses but often provide limited visibility into unauthorized USB device usage. This research presents SentinelUSB, a Windows-based cybersecurity and digital forensics framework designed to detect, monitor, and analyze unauthorized USB device activity through historical forensic analysis and real-time monitoring.
successfully detects USB connection events with minimal system overhead while providing comprehensive forensic evidence for security investigations. The proposed framework offers an effective and lightweight solution for educational institutions, enterprises, and digital forensic laboratories seeking improved endpoint security and automated USB device monitoring. Future enhancements include artificial intelligence-based anomaly detection, cloud synchronization, crossplatform compatibility, and enterprise-level endpoint integration.
KEYWORDS: Cybersecurity, Digital Forensics, USB Device Monitoring, Windows Registry, Windows Event Logs, Windows Management Instrumentation (WMI), Endpoint Security, USBSTOR, Whitelisting, Python.
SENTINELUSB: DETECTION OF UNAUTHORIZED USB DEVICE USAGE USING WINDOWS REGISTRY, EVENT LOG ANALYSIS, AND REAL-TIME MONITORING
KAIRUNNISA, DR. SAIMA SHAIKH, PROF. ARUN SHAIKH


