Solved

Does Windows 7 keep a log of USB Devices

Posted on 2011-09-02
6
798 Views
Last Modified: 2012-08-13
Hi,

Im wondering if Windows 7 keeps an internal log of all usb devices which have been connected to a Windows 7 operating system? If so, can I view that log?

Thanks
D
0
Comment
Question by:daiwhyte
6 Comments
 
LVL 4

Expert Comment

by:mohammad827
ID: 36472531
Default I am not sure but there are soem 3rd party tools which can be used for this
0
 
LVL 2

Accepted Solution

by:
nat_nz earned 125 total points
ID: 36472636
open regedit, browse to  HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices, you will see a list of devices previously mounted by windows.
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 125 total points
ID: 36473917
Yes. You can dig through the registry and find the info but it's a bit cryptic to interpret if you're not used to looking at this kind of data. My suggestion is to download this (free) tool, which makes it easy and outputs a beautifully formatted report for you:

http://www.nirsoft.net/utils/usb_devices_view.html
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 62

Assisted Solution

by:btan
btan earned 125 total points
ID: 36477099
USBDeview is good, can check out this useful link from irongeek too

@ http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Description: List of Installed USB devices, both connected and unconnected
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
Why you care: It can be useful to know what USB devices have be connected to a box, and even the vendor and serial number of the device in some cases. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. Think how useful it can be to help tie something a user physical possesses to a box.
Entry by: Irongeek.

Description: List of installed USB storage devices
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Why you care: Much like the installed USB devices entry, but just for USB storage. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not USBSTOR when I tested last.
Entry by: Irongeek.

Description: SetupAPI Device Log
Location: C:\windows\inf\setupapi.dev.log
Why you care: Log that can help you find out what USB devices have been installed, including thumbdrives. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not this file when I tested last.
Entry by: Irongeek, but thanks to Nir.


0
 
LVL 3

Assisted Solution

by:pma111
pma111 earned 125 total points
ID: 36483594
Another tool that was good at reporting on USB via registry entries was a freebie called regripper by harlan carvey.
0
 

Author Closing Comment

by:daiwhyte
ID: 36488468
Thank you all.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is the best password manager? 12 137
md5 password 3 61
Review of apps API SSL Cert policy 2 19
desktop security assessment (windows devices). 2 26
The 21st century solution to antiquated pagers.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question