Identifying and analyzing USB device details can be a tedious and time-consuming task. It often requires combing through various system registries and logs to gather information about connected USB devices. As a cybersecurity professional, having an efficient way to automate this process can save valuable time and reduce errors.
In this blog, I will share a script that simplifies the task of identifying USB device details. This script gathers all necessary information in one go, making the process more efficient. Additionally, you can find this script integrated into my endpoint data capture tool, which is detailed in my previous blog. The script is also available on the resume page of my portfolio.
USB Device Information
Before diving into the script, let’s look at the kind of information we aim to extract:
Serial Number: Unique identifier for the USB device.
Friendly Name: User-friendly name of the USB device.
Mounted Name: Drive letter assigned to the USB device.
First Time Connection: Timestamp of the first connection.
Last Time Connection: Timestamp of the last connection.
VID: Vendor ID of the USB device.
PID: Product ID of the USB device.
Connected Now: Indicates if the device is currently connected.
User Name: The username that initiated the connection.
DiskID: Unique identifier for the disk.
ClassGUID: Class GUID of the device.
VolumeGUID: Volume GUID of the device (if available).
If you run the script in PowerShell, you will get output like below:
If you run my script, which you can find under the resume page, you will get output like below:
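The following PowerShell is an added example, not the author's script: a read-only lookup showing where several of the fields listed above (Serial Number, Friendly Name, Mounted Name, VID, PID, Connected Now, ClassGUID) can be read on a live Windows system. It assumes the serial under Enum\USB matches the USBSTOR instance name without its `&0` suffix; variable names are illustrative, and timestamps, user name, DiskID and VolumeGUID are not covered.

```powershell
# Added example (not the author's script): read-only USB storage history lookup.
$enum = 'HKLM:\SYSTEM\CurrentControlSet\Enum'

# Serial -> VID/PID, taken from key names such as Enum\USB\VID_xxxx&PID_xxxx\<serial>.
$ids = @{}
foreach ($dev in Get-ChildItem -LiteralPath "$enum\USB" -ErrorAction SilentlyContinue) {
    if ($dev.PSChildName -match '^VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
        $vendorId, $productId = $Matches[1], $Matches[2]   # avoid $pid: $PID is reserved
        foreach ($inst in Get-ChildItem -LiteralPath $dev.PSPath -ErrorAction SilentlyContinue) {
            $ids[$inst.PSChildName] = [pscustomobject]@{ VID = $vendorId; PID = $productId }
        }
    }
}

# Drive letter -> device path. For removable media the value data is a UTF-16 path.
$mounts = @{}
$mounted = Get-Item -LiteralPath 'HKLM:\SYSTEM\MountedDevices'
foreach ($name in $mounted.GetValueNames()) {
    $data = $mounted.GetValue($name)
    if ($name -like '\DosDevices\*' -and $data -is [byte[]]) {
        $mounts[$name.Substring(12)] = [Text.Encoding]::Unicode.GetString($data)
    }
}

# Instance IDs of USB storage devices that are attached right now.
$present = @(Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
    ForEach-Object { $_.InstanceId })

$report = foreach ($model in Get-ChildItem -LiteralPath "$enum\USBSTOR" -ErrorAction SilentlyContinue) {
    foreach ($inst in Get-ChildItem -LiteralPath $model.PSPath) {
        $instance = $inst.PSChildName                  # e.g. <serial>&0
        $serial   = $instance -replace '&\d+$', ''     # drop the trailing &0 suffix
        # A drive letter belongs to this device when its stored path names the instance.
        $letters  = @($mounts.Keys | Where-Object {
            $mounts[$_].IndexOf("#$instance#", [StringComparison]::OrdinalIgnoreCase) -ge 0 })
        [pscustomobject]@{
            SerialNumber = $serial
            FriendlyName = $inst.GetValue('FriendlyName')
            MountedName  = $letters -join ', '
            VID          = $ids[$serial].VID
            PID          = $ids[$serial].PID
            ConnectedNow = $present -contains "USBSTOR\$($model.PSChildName)\$instance"
            ClassGUID    = $inst.GetValue('ClassGUID')
        }
    }
}
$report | Format-Table -AutoSize
```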
Conclusion
Identifying USB details can indeed be a hectic task when done manually by digging through system registries. However, with the help of automation scripts like the one shared above, the process can become much more manageable and efficient.
Akash Patel