Solved

Program to tell who plugs in a USB device

Posted on 2013-02-05
4
388 Views
Last Modified: 2013-03-30
I do security work for a company and I want to do some audit work.  

I want to "accidentally" leave some USB sticks in remote offices and see who plugs them in....not to get them in trouble, but to provide some real life security awareness training.  These days you can't provide too much training for employees.

Is there a way when the USB stick is plugged in that it sends an email to me stating the computer name that was used and maybe the username if possible?

Hope this makes sense.  Thanks!
0
Comment
Question by:drummer1960
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 92

Expert Comment

by:nobus
ID: 38858538
if you want the username - the guy plugging it in should provide it somehow...
usb history info :  http://www.forensicswiki.org/wiki/USB_History_Viewing

a software :  http://www.softpedia.com/get/System/System-Info/IntelliAdmin-USB-History-Viewer.shtml
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38873150
Some other utilities that are worth considering.

USB Device Viewer.  Very useful for determining the registry key for each device using the Right-Click or File > Open in Regedit option.  You can optionally have it execute a command using variables when a USB device is connected or disconnected:
http://www.nirsoft.net/utils/usb_devices_view.html

Example.  If I place log.cmd in the folder where USBDeview.exe is being run:

@echo off
echo %1,%2,%3,%4,%5,%6>>activity_log.csv
exit

and use the program's Options > Advanced Options to set a custom event upon connection of a USB device like this:
start "" /min log.cmd "%drive%" "%serial_number%" "%device_name%" "%device_type%" "%username%" "%computername%"

Open in new window

it should generate a running CSV file of USB insertion events containing the User name and the Computer Name.

The program isn't invisible, but can be started with the window hidden and only a System Tray icon showing.  Many users don't even see that.  A small batch file like that started minimized will flash some activity for a split second and won't show a "DOS" window.

Blat command line emailer:
http://www.blat.net/

USB Log Viewer.  Must be running to capture events, but can be started hidden and only visible as an icon in the System Tray.  Doesn't show user who was logged in or run any custom command on event detection, but is fairly useful if you can access the computer directly or remotely to view the ongoing logs and determine who was logged in at the time.
http://www.nirsoft.net/utils/usb_log_view.html

Folder Changes Viewer.  You can have this monitor log files and other activity of your choosing:
http://www.nirsoft.net/utils/folder_changes_view.html
0
 
LVL 92

Expert Comment

by:nobus
ID: 38873218
here another utility that can be used :  http://www.softpedia.com/get/System/System-Info/USBDeview.shtml
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39034015
Thank you drummer1960
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft will be releasing the Windows 10 Creators Update in just a matter of weeks. Are you prepared? Follow these steps to ensure everything goes smoothly and you don't lose valuable data on your PC.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Viewers will learn how to use the Hootsuite Dashboard.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question