Forensic analysis of bad USB attacks: A methodology for detecting and mitigating malicious USB device activities

https://doi.org/10.55214/25768484.v8i5.1809

BadUSB is one of the most dangerous cybersecurity threats because it uses the firmware of USB devices to perform various undetectable actions with numerous tools. This research evaluates the efficiency of different forensic approaches, namely signature-based detection, behavioral analysis, and machine learning (ML), in detecting and analyzing BadUSB attacks. Experiments were conducted with preconfigured USB peripherals that performed keystroke injection, data exfiltration, malware delivery, and network traffic manipulation. The analysis shows that behavioral analysis and the ML-based methods achieve high detection accuracy and low false positives. Machine learning detection is the most efficient method. Behavioral analysis had higher accuracy in detecting abnormal device behavior but had a longer detection time than the ML methods. This research addresses the issues and challenges in the field of digital forensics and calls for further improvement in the detection methods. It proposes ways to implement these methods within existing cybersecurity models. Future studies should focus on the best approaches to fine-tune these techniques, diversify datasets for machine learning detection methods, and advance forensic methodologies to accommodate new generations of technologies such as the Internet of Things and cloud systems.

How to Cite

Fakiha, B. S. (2024). Forensic analysis of bad USB attacks: A methodology for detecting and mitigating malicious USB device activities. Edelweiss Applied Science and Technology, 8(5), 1090–1100. https://doi.org/10.55214/25768484.v8i5.1809

Section

Articles

Published

2024-09-19