I'm searching for a simple USB activity logger, nothing big, ...

  • Thread starter Thread starter lackyluk2001
  • Start date Start date
L

lackyluk2001

I'm searching for a simple USB activity logger, nothing big, I need
just to log when someone plugged and unplugged any USB device,
(ext.hdd, ext. mem.stick, ext.sound card), like,
at 12.09.06 12.06h External disk drive activated
at 12.09.06 13.05h External disk drive deactivated

It could be excellent if Windows XP internal system logger could log
such activities to event logger.
 
Not that I know, only thing that's recorded by the event viewer are the
errors made by the ftdisk.

And there are some USB pci cards, which are equipped with the USB
drivers that will transfer such activate message log to the event
viewer.

In the case of the Intel motherboards, generations from a BX, 815, 845,
865, 875, 915, 945, 975, and with a very large amount of motherboards
based on via and nvidia, I can say for certain that they are not
equipped with the driver and the audit policy which will transfer such
activities to the event viewer.
 
Must be my mistake then, I only have an nvidea chipset/mobo and its all
recorded in even viewer
So your certainty is not my experience
But then perhaps you used winxp default drivers and not the manu drivers
 
Personally, I tried several drivers for Intel motherboards, Microsoft
xpsp2 integrated in xpsp2 and I tried several versions of Intel usb
drivers from Intel.
 
Since I don't use Intel mobo I cannot really comment further other than
reiterating that you should ensure you are using the mobo drivers, inc
chipset, from their site, and not winxp default drivers.
 
As I said, not only that I tried all the available Intel chipset and
the USB drivers, and all of the available microsoft drivers, I tried
even some open source drivers, and none of them support such logging as
I described.
If you have time, please upload somewhere screenshots of your system
event logs where you see events with USB activities as I described.
 
Type Date Time Source Category Event User Computer
Information 27/09/2006 22:00:10 Removable Storage Service None 135 N/A *****
Information 27/09/2006 21:59:34 Removable Storage Service None 134 N/A *****

Naturally the properties for these events show more detail
eg started/stopped etc
 
Seems to be a gap in the market...

I've stripped down another software, added some logging
and here it is: The USB device logger :-)
http://www.uwe-sieber.de/files/usblogger.zip

It's a Windows service that logs USB device arrivals and
removals.
This version logs to the file C:\_USBdevices.txt but it's
no problem to let it log to a different file or to the Windows
event log.

Log sample:

29.09.2006 - 16:41:37 USB storage device attached: 'U3 Cruzer Micro' /
'USB-Massenspeichergerät' / 'Kompatibles USB-Speichergerät'

29.09.2006 - 16:41:47 USB storage device removed: 'U3 Cruzer Micro' /
'USB-Massenspeichergerät' / 'Kompatibles USB-Speichergerät'

29.09.2006 - 16:41:54 Bluetooth device attached: 'USB Device' /
'Generic Bluetooth Radio' / 'Cambridge Silicon Radio Ltd.'

29.09.2006 - 16:41:59 Bluetooth device removed: 'USB Device' / 'Generic
Bluetooth Radio' / 'Cambridge Silicon Radio Ltd.'


Let me know what you think...


Greetings from Germany

Uwe
 
Its seems that its OK,
my logs for the external USB 3.5' hard drave are:
9/30/2006 - 1:22:55 PM USB storage device attached: 'USB TO IDE' /
'USB Mass Storage Device' / 'Compatible USB storage device'
9/30/2006 - 1:24:57 PM USB storage device removed: 'USB TO IDE' / 'USB
Mass Storage Device' / 'Compatible USB storage device'
I will try it with other devices.
We shall see how will USBlogger react when times passes, and are there
some mem. leakage after times, is it core stable with User and GDI
objects, is it compatible with other software.
You are right there is market gap, but I wouldn't call it gap, but
Microsoft mistake, they didn't thought about events enough, on the
unix/linux platform there aren't such stupid mistakes.
Thanks for the effort.
 
Hi. You could use "Dynamikode Usb Security Suite" to log everything that happens on usb drives. It is not free, but might be worth checking.
 
Back
Top