usbrip (inherited from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts (i.e., USB event history) on Linux machines.

usbrip is a small piece of software written in pure Python 3 (using some external modules, see Dependencies/pip) which analyzes Linux log data (journalctl output or /var/log/syslog* and /var/log/messages* files, depending on the distro) for constructing USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "Host", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).