Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 420
  • Last Modified:

Program to tell who plugs in a USB device

I do security work for a company and I want to do some audit work.  

I want to "accidentally" leave some USB sticks in remote offices and see who plugs them in....not to get them in trouble, but to provide some real life security awareness training.  These days you can't provide too much training for employees.

Is there a way when the USB stick is plugged in that it sends an email to me stating the computer name that was used and maybe the username if possible?

Hope this makes sense.  Thanks!
0
drummer1960
Asked:
drummer1960
  • 2
  • 2
1 Solution
 
nobusCommented:
if you want the username - the guy plugging it in should provide it somehow...
usb history info :  http://www.forensicswiki.org/wiki/USB_History_Viewing

a software :  http://www.softpedia.com/get/System/System-Info/IntelliAdmin-USB-History-Viewer.shtml
0
 
BillDLCommented:
Some other utilities that are worth considering.

USB Device Viewer.  Very useful for determining the registry key for each device using the Right-Click or File > Open in Regedit option.  You can optionally have it execute a command using variables when a USB device is connected or disconnected:
http://www.nirsoft.net/utils/usb_devices_view.html

Example.  If I place log.cmd in the folder where USBDeview.exe is being run:

@echo off
echo %1,%2,%3,%4,%5,%6>>activity_log.csv
exit

and use the program's Options > Advanced Options to set a custom event upon connection of a USB device like this:
start "" /min log.cmd "%drive%" "%serial_number%" "%device_name%" "%device_type%" "%username%" "%computername%"

Open in new window

it should generate a running CSV file of USB insertion events containing the User name and the Computer Name.

The program isn't invisible, but can be started with the window hidden and only a System Tray icon showing.  Many users don't even see that.  A small batch file like that started minimized will flash some activity for a split second and won't show a "DOS" window.

Blat command line emailer:
http://www.blat.net/

USB Log Viewer.  Must be running to capture events, but can be started hidden and only visible as an icon in the System Tray.  Doesn't show user who was logged in or run any custom command on event detection, but is fairly useful if you can access the computer directly or remotely to view the ongoing logs and determine who was logged in at the time.
http://www.nirsoft.net/utils/usb_log_view.html

Folder Changes Viewer.  You can have this monitor log files and other activity of your choosing:
http://www.nirsoft.net/utils/folder_changes_view.html
0
 
nobusCommented:
here another utility that can be used :  http://www.softpedia.com/get/System/System-Info/USBDeview.shtml
0
 
BillDLCommented:
Thank you drummer1960
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now