Journal of Information Security Research ›› 2016, Vol. 2 ›› Issue (4): 333-338.

Evidence Extraction of USB Storage Device Accessing Traces under the Windows 7 System

  

  • Received: 2016-04-14 Online: 2016-04-15 Published: 2016-04-14

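Xiang Dawei (向大为)

  1. Department of Information Technology, Hubei University of Police (湖北警官学院)
  • Corresponding author: Xiang Dawei
  • About the author: Master's degree, lecturer; main research interests are computer forensics, network security and law enforcement. xiangdawei@126.com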

Abstract: With the rapid development and popularization of computer technology, computer crimes follow one after another, and much of the evidence resides on USB storage devices. When a USB storage device is connected to a computer, registry keys and the system log record traces of the access. Computer forensic investigators can therefore determine which USB devices were connected to the computer and at what time. This paper describes in some detail where these access traces are located and how to extract them, providing support for certain elements of evidence in judicial activities.

Key words: USB storage device, Windows 7, registry, system log, accessing traces
