USB Forensics: Find the History of Every Connected USB Device on Your Computer

May 22, 2018 | Views: 5736

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Sometimes, we need to know what USB devices were connected to our computer in our absence. This information could be very useful for a forensic examiner or in general cases where we just want to know what USB devices were used.

How This Works 

We all know about the registry on Windows. The registry is a database in Windows that stores settings of the operating system, hardware devices, software programs, and user preference settings.

Whenever we insert a USB drive into a computer, a registry key with the name “USBSTOR” is created. This registry key stores information about that USB device, and whatever information the OS needs to know can be found in this registry key. 

Finding the USB Attachment History

To find the USB history of your device, take the following steps:

STEP 1:  Go to Run and type “regedit”. 

STEP 2: In the registry, go to  HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSBSTOR, and there, you will find a registry key with the name “USBSTOR.”  

STEP 3: When  you will click on the USBSTOR key, you can get a list of all the USB devices that have been connected to this computer. 

 

We can  see that there are lot of USB devices that have been connected to this machine, but this does not tell what kinds of device they are. To find out, follow the next step.

STEP 4: Click on any one device from the list and click on the subkey on the right side. You will find an entry with the name “friendlyname.” Just in front of this entry, you can easily see what type of USB device this is.

Getting USB History With Single Powershell Command

 You can also get all this information by just using a single command. To do this, open powershell and type “Get-ItemProperty -Path HKLM:SYSTEMCurrentControlSetEnumUSBSTOR** | Select FriendlyName.” Then press enter, and you will get the history of all USB devices that have been used on your computer.

So this was just basic information about USB forensics to get the USB connection history on your Windows machine. In our next post, we will dig deeper into USB forensics to extract a lot of information.

For more stuff, you can follow us on Facebook.

You can also follow our page.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel