Solved

Does Windows 7 keep a log of USB Devices

Posted on 2011-09-02
6
799 Views
Last Modified: 2012-08-13
Hi,

Im wondering if Windows 7 keeps an internal log of all usb devices which have been connected to a Windows 7 operating system? If so, can I view that log?

Thanks
D
0
Comment
Question by:daiwhyte
6 Comments
 
LVL 4

Expert Comment

by:mohammad827
ID: 36472531
Default I am not sure but there are soem 3rd party tools which can be used for this
0
 
LVL 2

Accepted Solution

by:
nat_nz earned 125 total points
ID: 36472636
open regedit, browse to  HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices, you will see a list of devices previously mounted by windows.
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 125 total points
ID: 36473917
Yes. You can dig through the registry and find the info but it's a bit cryptic to interpret if you're not used to looking at this kind of data. My suggestion is to download this (free) tool, which makes it easy and outputs a beautifully formatted report for you:

http://www.nirsoft.net/utils/usb_devices_view.html
0
Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

 
LVL 63

Assisted Solution

by:btan
btan earned 125 total points
ID: 36477099
USBDeview is good, can check out this useful link from irongeek too

@ http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Description: List of Installed USB devices, both connected and unconnected
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
Why you care: It can be useful to know what USB devices have be connected to a box, and even the vendor and serial number of the device in some cases. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. Think how useful it can be to help tie something a user physical possesses to a box.
Entry by: Irongeek.

Description: List of installed USB storage devices
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Why you care: Much like the installed USB devices entry, but just for USB storage. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not USBSTOR when I tested last.
Entry by: Irongeek.

Description: SetupAPI Device Log
Location: C:\windows\inf\setupapi.dev.log
Why you care: Log that can help you find out what USB devices have been installed, including thumbdrives. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not this file when I tested last.
Entry by: Irongeek, but thanks to Nir.


0
 
LVL 3

Assisted Solution

by:pma111
pma111 earned 125 total points
ID: 36483594
Another tool that was good at reporting on USB via registry entries was a freebie called regripper by harlan carvey.
0
 

Author Closing Comment

by:daiwhyte
ID: 36488468
Thank you all.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question