Improve company productivity with a Business Account.Sign Up

x
?
Solved

Does Windows 7 keep a log of USB Devices

Posted on 2011-09-02
6
Medium Priority
?
812 Views
Last Modified: 2012-08-13
Hi,

Im wondering if Windows 7 keeps an internal log of all usb devices which have been connected to a Windows 7 operating system? If so, can I view that log?

Thanks
D
0
Comment
Question by:daiwhyte
6 Comments
 
LVL 4

Expert Comment

by:mohammad827
ID: 36472531
Default I am not sure but there are soem 3rd party tools which can be used for this
0
 
LVL 2

Accepted Solution

by:
nat_nz earned 500 total points
ID: 36472636
open regedit, browse to  HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices, you will see a list of devices previously mounted by windows.
0
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 500 total points
ID: 36473917
Yes. You can dig through the registry and find the info but it's a bit cryptic to interpret if you're not used to looking at this kind of data. My suggestion is to download this (free) tool, which makes it easy and outputs a beautifully formatted report for you:

http://www.nirsoft.net/utils/usb_devices_view.html
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
LVL 66

Assisted Solution

by:btan
btan earned 500 total points
ID: 36477099
USBDeview is good, can check out this useful link from irongeek too

@ http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Description: List of Installed USB devices, both connected and unconnected
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
Why you care: It can be useful to know what USB devices have be connected to a box, and even the vendor and serial number of the device in some cases. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. Think how useful it can be to help tie something a user physical possesses to a box.
Entry by: Irongeek.

Description: List of installed USB storage devices
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Why you care: Much like the installed USB devices entry, but just for USB storage. Think someone copied the data to a thumbdrive? This may help you trace down what thumbdrive. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not USBSTOR when I tested last.
Entry by: Irongeek.

Description: SetupAPI Device Log
Location: C:\windows\inf\setupapi.dev.log
Why you care: Log that can help you find out what USB devices have been installed, including thumbdrives. CleanAfterMe scrubs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB but not this file when I tested last.
Entry by: Irongeek, but thanks to Nir.


0
 
LVL 3

Assisted Solution

by:pma111
pma111 earned 500 total points
ID: 36483594
Another tool that was good at reporting on USB via registry entries was a freebie called regripper by harlan carvey.
0
 

Author Closing Comment

by:daiwhyte
ID: 36488468
Thank you all.
0

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affec…
Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question