usbrip (inherited from “USB Ripper”, not “USB R.I.P.”) is a simple forensics tool with command line interface that lets you keep track of USB device artifacts (i.e., USB event history) on Linux machines.
https://github.com/snovvcrash/usbrip
usbrip is a small piece of software which analyzes Linux log data: journalctl output or contents of /var/log/syslog* (/var/log/messages*) files. Based on the collected data usbrip can build USB event history tables with the following columns:
- “Connected” (date & time);
- “Host”;
- “VID” (vendor ID);
- “PID” (product ID);
- “Product”;
- “Manufacturer”;
- “Serial Number”;
- “Port”;
- “Disconnected” (date & time).