Finding which computers has a USB stick been

By alexmoreira
in Hardware Hangout

 Share

Recommended Posts

Mentor

1WayJonny

Posted
Posted

You can sort of look at devices that have been plugged in, in your \Windows folder their is another folder called "Inf" this stores all windows *.inf from driver installs.

All Windows default drivers are here BUT the ones called OEM which are all after installation, if you look there you will see OEM01.inf, OEM02.inf. etc... Open each OEM**.inf and it will have the name of the device the driver installed.

Eventually you should find one call i.e. "Sandisk 4GB" but some sticks have very generic names and may make your stick impossible to find but this should help find what you need.

Grand Master

Detection

Posted
Posted

You can sort of look at devices that have been plugged in, in your \Windows folder their is another folder called "Inf" this stores all windows *.inf from driver installs.

All Wdinwso default drivers are here BUT the ones called OEM which are all after installation, if you look their you will see OEM01.inf, OEM02.inf. etc... Open each OEM**.inf and it will have the name of the device the driver installed.

Eventually you should find one call i.e. "Sandisk 4GB" but some sticks have very generic names but this should help you find what you need.

OP wants to do it the opposite way around, look at the USB stick and see which PCs it has been plugged into

Grand Master

Detection

Posted
Posted

:rofl: eheh

nope...just trying to figure a way to get the proof I need to pinpoint who stole my USB stick! :angry:

Copy an autorun virus to the USB stick, leave it lying around, the person who starts swearing stole your stick ;)

Grand Master

djdanster

Posted
Posted

:rofl: eheh

nope...just trying to figure a way to get the proof I need to pinpoint who stole my USB stick! :angry:

Probably not worth the time and effort. Let it go :)

Ignore that, I assumed you got it back. Yeah screw those f**kers over!

Grand Master

Arachno 1D

Posted
Posted

:rofl: eheh

nope...just trying to figure a way to get the proof I need to pinpoint who stole my USB stick! :angry:

If they stole it how are you going to read it....

You could instal a R.A.T. on all your sticks then you could control which ever PC it was plugged in to :woot: :laugh:

EDIT Put a big sticker on the all "Warning infected use at your own risk"

Contributor

alexmoreira

Posted
  • Author
Posted

If they stole it how are you going to read it....

You could instal a R.A.T. on all your sticks then you could control which ever PC it was plugged in to :woot: :laugh:

EDIT Put a big sticker on the all "Warning infected use at your own risk"

I know the usb stick serial number that has been stolen and have access to some of the suspects computers!

finding out if those computers had my usb stick plugged is possible

I was just wondering if the reversal was possible but arachnoid has said here something that must be the answer:

I dont think its likely as whilst the PC keeps a registry log for driver purposes the USB stick does not.Well not a basic unit anyway unless it has some software installed to log any connections.

it is not a basic unit but that's ok.

Maybe I'll have an answer for all this soon and will share with you all

Contributor

alexmoreira

Posted
  • Author
Posted

you read my mind, arachnoid...

If you have physical access to the PCs then USBDeview is a good program to show information on preinstalled USB devices such as device ID and its portable

http://www.nirsoft.n...vices_view.html

259b4ccd4c4871cf708725a5dddc20c3.png

How would a solution to this help if the USB Stick has been stolen? You don't have it anymore, so even if it could tell you you would have to get it back 1st.

I know. this 2nd method was only a confirmation for the 1st one and only to be used after the possible recovery of the stolen usb stick

bye bye you all

Mentor

Odom Member

Posted
  • Member
Posted

From the USB stick you cannot tell where it has been.

If you know the USB Hardware ID, you will have to check every single machine and look in the registry if you can find it there.

If you do, you can then check the Event Logs on that machine to see when the USB stick has been plugged in.

Then you have to get from the dates the most recent one, and then you know where the USB stick was last connected to a machine on your network.

Unless you have a central management tool, there is no other way to find this out. And the way described above is a hell of a lot of work...

This topic is now closed to further replies.
 Share
Go to topic listing