New "Removable Media: History of Connected USB Drives" Analysis

BenKus · September 3, 2008, 12:24am

We have recently published a new Analysis on the Security Policy Manager Fixlet site that shows the history of connected USB devices including their serial number.

Here is an example of what the analysis returns on one of our computers:

USB Flash Memory USB Device – 8&19ff1fb2&0

Apple iPod USB Device – 8&41f4e44&0

Apple iPod USB Device – 8&32c42174&0

Apple iPod USB Device – 8&31cfe9b3&0

USB Device –

Generic STORAGE DEVICE USB Device – 8&b98aba7&0

Memorex TRAVELDRIVE 005B USB Device – 8&2c2f04a&0

SAMSUNG HM160JC USB Device –

SD/MMC Card Reader USB Device – 8&776bc3a&0

WDC WD40 0AB-22BTA0 USB Device –

If you have the Security Policy Manager Fixlet site subscribed, please check out this new and potentially useful Analysis.

Ben

system · November 26, 2008, 9:00am

(imported comment written by nrupaks91)

Hi Ben,

I have checked the analysis, it is really powerful.

I would like to customize this analysis to my need.

What I want is that my custom analysis should reflect the data only one month old, and it should flush the data every month.

I don’t know how to make such changes. Let me know if you have any idea about such a change.

Thanks & Regards,

nrupaks

BenKus · November 27, 2008, 4:24am

(imported comment written by BenKus)

Hi nrupaks,

This information does not appear to be timestamped by Windows and so you can’t easily filter it. If you wanted some ability to track over time, you would need to do some custom work:

Create a backend system that pulls data from the database or SOAP API and then stores the data with timestamps over time.
Create a BigFix action that stores the data on the agent periodically with time stamps and then create logic to do diffing and pull the info back.

Both are possible, but you need to spend the time creating the system.

Ben

dudy007 · October 30, 2016, 8:38am

hi can u share wite me the analysis