March 6, 2020

USB Forensics: Find the History of Every Connected USB Device on Your Computer

Shaquib Izhar
Share

Sometimes, we need to know what USB devices were connected to our computer in our absence. This information could be very useful for a forensic examiner or in general cases where we just want to know what USB devices were used.How This WorksWe all know about the registry on Windows. The registry is a database in Windows that stores settings of the operating system, hardware devices, software programs, and user preference settings. Whenever we insert a USB drive into a computer, a registry key with the name "USBSTOR" is created. This registry key stores information about that USB device, and whatever information the OS needs to know can be found in this registry key.

Finding the USB Attachment History

To find the USB history of your device, take the following steps:STEP 1: Go to Run and type "regedit".STEP 2: In the registry, go to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumUSBSTOR, and there, you will find a registry key with the name "USBSTOR."

Sign up today to access these Cyber Security Courses now:

STEP 3: When  you will click on the USBSTOR key, you can get a list of all the USB devices that have been connected to this computer.

We can  see that there are lot of USB devices that have been connected to this machine, but this does not tell what kinds of device they are. To find out, follow the next step.STEP 4: Click on any one device from the list and click on the subkey on the right side. You will find an entry with the name "friendlyname." Just in front of this entry, you can easily see what type of USB device this is.

Getting USB History With Single Powershell CommandYou can also get all this information by just using a single command. To do this, open powershell and type "Get-ItemProperty -Path HKLM:SYSTEMCurrentControlSetEnumUSBSTOR** | Select FriendlyName." Then press enter, and you will get the history of all USB devices that have been used on your computer.

So this was just basic information about USB forensics to get the USB connection history on your Windows machine. In our next post, we will dig deeper into USB forensics to extract a lot of information. For more stuff, you can follow us on Facebook. You can also follow our page.

Sign up for a free 7 Day Trial now to take these Career Paths:

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More