Solved

Program to tell who plugs in a USB device

Posted on 2013-02-05
4
375 Views
Last Modified: 2013-03-30
I do security work for a company and I want to do some audit work.  

I want to "accidentally" leave some USB sticks in remote offices and see who plugs them in....not to get them in trouble, but to provide some real life security awareness training.  These days you can't provide too much training for employees.

Is there a way when the USB stick is plugged in that it sends an email to me stating the computer name that was used and maybe the username if possible?

Hope this makes sense.  Thanks!
0
Comment
Question by:drummer1960
  • 2
  • 2
4 Comments
 
LVL 91

Expert Comment

by:nobus
ID: 38858538
if you want the username - the guy plugging it in should provide it somehow...
usb history info :  http://www.forensicswiki.org/wiki/USB_History_Viewing

a software :  http://www.softpedia.com/get/System/System-Info/IntelliAdmin-USB-History-Viewer.shtml
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38873150
Some other utilities that are worth considering.

USB Device Viewer.  Very useful for determining the registry key for each device using the Right-Click or File > Open in Regedit option.  You can optionally have it execute a command using variables when a USB device is connected or disconnected:
http://www.nirsoft.net/utils/usb_devices_view.html

Example.  If I place log.cmd in the folder where USBDeview.exe is being run:

@echo off
echo %1,%2,%3,%4,%5,%6>>activity_log.csv
exit

and use the program's Options > Advanced Options to set a custom event upon connection of a USB device like this:
start "" /min log.cmd "%drive%" "%serial_number%" "%device_name%" "%device_type%" "%username%" "%computername%"

Open in new window

it should generate a running CSV file of USB insertion events containing the User name and the Computer Name.

The program isn't invisible, but can be started with the window hidden and only a System Tray icon showing.  Many users don't even see that.  A small batch file like that started minimized will flash some activity for a split second and won't show a "DOS" window.

Blat command line emailer:
http://www.blat.net/

USB Log Viewer.  Must be running to capture events, but can be started hidden and only visible as an icon in the System Tray.  Doesn't show user who was logged in or run any custom command on event detection, but is fairly useful if you can access the computer directly or remotely to view the ongoing logs and determine who was logged in at the time.
http://www.nirsoft.net/utils/usb_log_view.html

Folder Changes Viewer.  You can have this monitor log files and other activity of your choosing:
http://www.nirsoft.net/utils/folder_changes_view.html
0
 
LVL 91

Expert Comment

by:nobus
ID: 38873218
here another utility that can be used :  http://www.softpedia.com/get/System/System-Info/USBDeview.shtml
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39034015
Thank you drummer1960
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now