Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 808
  • Last Modified:

Does Windows 7 keep a log of USB Devices

Hi,

Im wondering if Windows 7 keeps an internal log of all usb devices which have been connected to a Windows 7 operating system? If so, can I view that log?

Thanks
D
0
daiwhyte
Asked:
daiwhyte
4 Solutions
 
mohammad827Commented:
Default I am not sure but there are soem 3rd party tools which can be used for this
0
 
nat_nzCommented:
open regedit, browse to  HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices, you will see a list of devices previously mounted by windows.
0
 
ChopOMaticCommented:
Yes. You can dig through the registry and find the info but it's a bit cryptic to interpret if you're not used to looking at this kind of data. My suggestion is to download this (free) tool, which makes it easy and outputs a beautifully formatted report for you:

http://www.nirsoft.net/utils/usb_devices_view.html
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
btanExec ConsultantCommented:
USBDeview is good, can check out this useful link from irongeek too

@ http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Description: List of Installed USB devices, both connected and unconnected
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
Why you care: It can be useful to know what USB devices have be connected to a box, and even the vendor and serial number of the device in some cases. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. Think how useful it can be to help tie something a user physical possesses to a box.
Entry by: Irongeek.

Description: List of installed USB storage devices
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Why you care: Much like the installed USB devices entry, but just for USB storage. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not USBSTOR when I tested last.
Entry by: Irongeek.

Description: SetupAPI Device Log
Location: C:\windows\inf\setupapi.dev.log
Why you care: Log that can help you find out what USB devices have been installed, including thumbdrives. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not this file when I tested last.
Entry by: Irongeek, but thanks to Nir.


0
 
pma111Commented:
Another tool that was good at reporting on USB via registry entries was a freebie called regripper by harlan carvey.
0
 
daiwhyteAuthor Commented:
Thank you all.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now