This work investigated the practicality of conducting a BadUSB attack using a Raspberry Pi Pico, demonstrating how an inexpensive microcontroller can be turned into a malicious USB device using both open-source code (the pico-ducky project, open-source ducky scripts, unicorn.py, etc.) and custom-written code. The experiment recreated a realistic attack scenario in which the Pico acted as a fake keyboard, automatically disabling Windows security features, altering registry settings, and executing a fileless payload that granted remote access, all without user interaction. Digital forensic analysis revealed that although the attack was fast, it left behind identifiable traces such as registry modifications, USB logs, and PowerShell histories, proving that post-incident detection is possible. Defensive strategies were explored, ranging from physical safeguards such as USB port blockers to administrative policies restricting USB drivers, with user awareness emphasized as a critical defense layer. Together, the results demonstrate the simplicity of executing BadUSB attacks and the effectiveness of forensic and preventive countermeasures.