Well! Nowadays we use our USB ports to plug in many devices like MP3 players, iPods, pendrives etc. It is also very true that these devices are a vector for many viruses, trojans, backdoors etc., which can be lethal sometimes. Today I am going to discuss how we can keep track of all the USB devices that were connected to our computer (Windows XP / 7 / Vista). This trick can be very helpful in case you find that some data has been stolen from your PC.
The USB history in a PC can be tracked by two methods:
a) By looking directly into the registry files.
b) Or by using a tool.
Let's first start with the registry file method.
1. First open up Run, type "regedit" and hit Enter.
Note: USB history can be found at two places in the registry:
--HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
--HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
2. A registry editor window opens up. In that window, follow the steps as shown in the image below.
(Here we will look into the second registry path mentioned above, but you can also try with the first one.)
In the above image you can see that after I connected a pendrive, its information is present there in the registry.
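The same lookup can be scripted instead of browsing in regedit. The PowerShell below is an added example, not part of the original post: it only reads the USBSTOR path listed above, and the function name `Get-UsbStorHistory` and the output column names are made up for illustration.

```powershell
# Added example: read-only listing of the USB storage history in the registry.
# Get-UsbStorHistory is a name made up for this example.
function Get-UsbStorHistory {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    )

    # Each subkey of USBSTOR is named like
    #   Disk&Ven_<vendor>&Prod_<product>&Rev_<revision>
    foreach ($class in Get-ChildItem -Path $Path -ErrorAction Stop) {
        $fields = @{}
        foreach ($part in ($class.PSChildName -split '&')) {
            $name, $value = $part -split '_', 2
            if ($value) { $fields[$name] = $value }
        }

        # Each subkey below that is one physical device, named <serial>&<n>
        foreach ($inst in Get-ChildItem -Path $class.PSPath -ErrorAction SilentlyContinue) {
            $id    = $inst.PSChildName
            $props = Get-ItemProperty -Path $inst.PSPath -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Vendor       = $fields['Ven']
                Product      = $fields['Prod']
                Revision     = $fields['Rev']
                Serial       = $id -replace '&\d+$', ''
                # General Windows behaviour (not from the post): '&' as the second
                # character means the device reported no serial and Windows made one up.
                DeviceSerial = -not ($id.Length -gt 1 -and $id[1] -eq '&')
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

Get-UsbStorHistory | Sort-Object Vendor, Product | Format-Table -AutoSize
```

Piping the function to `Export-Csv` instead of `Format-Table` gives a snapshot that can be compared against a later run to spot newly connected devices.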
So let's see how we can do this with a tool. The tool that we will be using for this is NirSoft's USBDeview.
1. Download the tool and just run it; it will show all the devices that were connected to your PC.
Note: Serial numbers are unique for external devices, but internal devices, as you can see, have the same serial number.
2. Now select any one of the external devices, right-click on it and select Properties. It will show you all the details about the external device, as shown in the image below.
Now that we have retrieved the history of the USB devices, let's see how we can delete this history information.
1. Open up the registry editor window as shown in the above steps, then follow the on-screen steps as shown in the image below.
2. After completing all the steps in the above image you will be able to delete the registry key or subkey.
By doing this the traces are removed... but even then it can be detected, so we will cover that in Part-II.
Note: For Linux you can use USBVIEW.
If you find this post worthy enough to read, do drop a comment; it will be appreciated. :)