Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 808
  • Last Modified:

Does Windows 7 keep a log of USB Devices


Im wondering if Windows 7 keeps an internal log of all usb devices which have been connected to a Windows 7 operating system? If so, can I view that log?

4 Solutions
Default I am not sure but there are soem 3rd party tools which can be used for this
open regedit, browse to  HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices, you will see a list of devices previously mounted by windows.
Yes. You can dig through the registry and find the info but it's a bit cryptic to interpret if you're not used to looking at this kind of data. My suggestion is to download this (free) tool, which makes it easy and outputs a beautifully formatted report for you:

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

btanExec ConsultantCommented:
USBDeview is good, can check out this useful link from irongeek too

@ http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Description: List of Installed USB devices, both connected and unconnected
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
Why you care: It can be useful to know what USB devices have be connected to a box, and even the vendor and serial number of the device in some cases. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. Think how useful it can be to help tie something a user physical possesses to a box.
Entry by: Irongeek.

Description: List of installed USB storage devices
Why you care: Much like the installed USB devices entry, but just for USB storage. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not USBSTOR when I tested last.
Entry by: Irongeek.

Description: SetupAPI Device Log
Location: C:\windows\inf\setupapi.dev.log
Why you care: Log that can help you find out what USB devices have been installed, including thumbdrives. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not this file when I tested last.
Entry by: Irongeek, but thanks to Nir.

Another tool that was good at reporting on USB via registry entries was a freebie called regripper by harlan carvey.
daiwhyteAuthor Commented:
Thank you all.

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now