USB thumb drives (flash drives) have become a very popular tool for transferring files from computer to computer. They're small, portable, and often contain evidence that can be helpful to an investigation.
When examining the Windows registry, one of the interesting things to look at are the entries where devices have been attached, especially USB devices, and grab the information regarding the device manufacturer and serial number if it has one.
Also there is an entry that is keyed to the mounted device volume letter. The letter is not that important but I think there is a date associated with the last time the device was written. This would be of value during a forensic exam.
USB thumb drives sometimes have a registry entry indicating that they are CD-ROM drives to be aware of that.
Thanks to Tim Clark for this information.
