Data copy through pendrive logs
To read and copy data from a USB pendrive in Linux and check its size, follow these steps:
1. Identify the Pendrive
Open a terminal and run:
lsblk
or
fdisk -l
This will list all connected storage devices. Look for entries like /dev/sdb1 (it may vary).
2. Mount the Pendrive (If Not Auto-mounted)
If the pendrive is not automatically mounted, create a mount point and mount it manually:
sudo mkdir -p /mnt/usb
sudo mount /dev/sdb1 /mnt/usb
Replace /dev/sdb1 with the correct partition name.
3. Copy Data from the Pendrive
Use the cp command to copy files:
cp -r /mnt/usb /destination/path/
Or use rsync for a safer copy:
rsync -av /mnt/usb/ /destination/path/
4. Check Pendrive Size
To check the total and available space:
df -h /mnt/usb
5. Unmount After Use
Once done, unmount the pendrive safely:
sudo umount /mnt/usb
To check if data has been copied to or from a pendrive in Linux, you can analyze system logs and use tools to track USB activity. Here’s how:
---
1. Check USB Connection Logs
Run the following command to see when a USB device was plugged in or removed:
journalctl -k | grep -i usb
or
dmesg | grep -i usb
This will show logs related to USB connections with timestamps.
---
2. Find Mounted USB Device & Access Logs
To check where the USB was mounted, run:
lsblk
mount | grep /dev/sd
This shows which device (e.g., /dev/sdb1) was mounted and where.
If the system is using udev rules, you can check logs:
journalctl -u systemd-udevd
---
3. Check File Access Logs
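On Debian/Ubuntu systems, the authentication and system logs may also contain USB-related entries (for example a sudo mount command or kernel messages). They do not record individual file reads or writes: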
cat /var/log/auth.log | grep -i "usb"
cat /var/log/syslog | grep -i usb
---
4. Monitor File Copy Activity Using auditd
If you suspect data theft, use auditd to monitor file transfers:
Install auditd (if not installed)
sudo apt install auditd audispd-plugins -y
Add a Rule to Track USB Data Copy
Replace /mnt/usb with the actual mount point:
sudo auditctl -w /mnt/usb -p rwxa -k usb_activity
This will log all read, write, execute, and attribute change operations under the mount point from the moment the rule is added. It cannot show copies made before that.
Check the Logs
sudo ausearch -k usb_activity --start today
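The raw audit records are verbose, so the following shell function (an added example, not part of the original post) reduces them to one line per file: login uid, executable, nametype, path. It assumes the usb_activity key and /mnt/usb mount point used above; the function names are hypothetical and the sample records are constructed for illustration.

```shell
# Added example: summarise raw audit records for one audit key.
# Output columns: auid  executable  nametype  path
# nametype=CREATE means a new file appeared under the watched mount point,
# NORMAL means an existing file there was opened.
usb_audit_summary() {   # $1 = key given to auditctl -k; records on stdin
    awk -v key="$1" '
    function field(name,   s) {          # value of name=VALUE, quotes removed
        if (!match($0, "(^| )" name "=(\"[^\"]*\"|[^ ]*)")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub("^ ?" name "=", "", s); gsub(/"/, "", s)
        return s
    }
    {   # records of one event share the timestamp:serial in msg=audit(...)
        if (!match($0, /msg=audit\([0-9.]+:[0-9]+\)/)) next
        id = substr($0, RSTART + 10, RLENGTH - 11)
    }
    /^type=SYSCALL / && field("key") == key { who[id] = field("auid"); exe[id] = field("exe") }
    /^type=PATH / {
        nt = field("nametype")
        if (nt == "PARENT") next         # skip the containing directory entry
        n = ++cnt[id]; if (n == 1) order[++events] = id
        path[id, n] = field("name"); ntype[id, n] = nt
    }
    END {
        for (e = 1; e <= events; e++) {
            id = order[e]
            if (!(id in exe)) continue   # event did not carry our key
            for (i = 1; i <= cnt[id]; i++) print who[id], exe[id], ntype[id, i], path[id, i]
        }
    }'
}

# Constructed sample records (shortened), in the layout of raw audit output.
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1700000000.123:101): arch=c000003e syscall=257 success=yes exit=4 auid=1000 uid=1000 comm="cp" exe="/usr/bin/cp" key="usb_activity"
type=PATH msg=audit(1700000000.123:101): item=0 name="/mnt/usb/" inode=1 nametype=PARENT
type=PATH msg=audit(1700000000.123:101): item=1 name="/mnt/usb/payroll.xlsx" inode=20 nametype=CREATE
type=SYSCALL msg=audit(1700000005.500:102): arch=c000003e syscall=257 success=yes exit=3 auid=1001 uid=0 comm="cat" exe="/usr/bin/cat" key="usb_activity"
type=PATH msg=audit(1700000005.500:102): item=0 name="/mnt/usb/notes.txt" inode=21 nametype=NORMAL
type=SYSCALL msg=audit(1700000009.000:103): arch=c000003e syscall=257 success=yes exit=3 auid=1000 uid=1000 comm="vim" exe="/usr/bin/vim" key="other_rule"
type=PATH msg=audit(1700000009.000:103): item=0 name="/etc/hosts" inode=99 nametype=NORMAL
EOF
}

sample_audit_log | usb_audit_summary usb_activity
```

On a live system, pipe `sudo ausearch -k usb_activity --start today --raw` into `usb_audit_summary usb_activity` instead of the sample. File names that auditd hex-encodes (for example names containing spaces) are printed in their encoded form.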
---
5. Check Bash History
If commands were run to copy data manually, check:
history | grep cp
history | grep rsync
history | grep mv
---
6. Detect Large Data Transfers
Use iostat to check high I/O operations:
iostat -dx 1
Or track disk usage changes:
du -sh /mnt/usb
---
7. Use inotifywait for Live Monitoring
You can also set up real-time monitoring:
inotifywait -m /mnt/usb -e create -e modify -e move -e delete
This will notify you of any file changes.
---
8. Enable Logging for USB Activity (Advanced)
Modify /etc/udev/rules.d/99-usb-log.rules to log USB usage:
ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/logger -t USB Device %k inserted"
Then reload rules:
sudo udevadm control --reload-rules && sudo udevadm trigger
---
Conclusion
If data was copied via a USB pendrive, you can check system logs (journalctl, syslog, auth.log), enable auditd to track file access, and use inotifywait for live monitoring.