Trace USB activities

OSR_Community_User · February 7, 2010, 1:40pm

Can we view USB activities in windows services log or event log?

–
Prageeth Madhushanka
Sri Lanka

OSR_Community_User · February 7, 2010, 3:01pm

What you mean by USB activity?

OSR_Community_User · February 7, 2010, 3:07pm

Copying files, to hard drive and downloading files to USB

On Mon, Feb 8, 2010 at 1:31 AM, wrote:

> What you mean by USB activity?
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

–
Prageeth Madhushanka
Sri Lanka

Doron_Holan · February 7, 2010, 3:11pm

These are all specific to usb mass storage activities, not generic usb. win7 can show you bus activity via netmon, but it won’t show you decoded class driver activity like what files are being copied.

What are you trying to do? Trace what is going on to learn? Or use the log as a way to audit use?

d

tiny phone keyboard + fat thumbs = you do the muth

From: prageeth madhushanka
Sent: Sunday, February 07, 2010 12:08 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Trace USB activities

OSR_Community_User · February 7, 2010, 3:45pm

The following links show you how to use ETW to look at the usb core stack activities:
http://blogs.msdn.com/usbcoreblog/archive/2009/12/04/etw-in-the-windows-7-usb-core-stack.aspx

http://blogs.msdn.com/usbcoreblog/archive/2009/12/21/answering-the-question-what-s-wrong-with-my-device-using-usb-etw.aspx

Thanks.
Fizal

OSR_Community_User · February 7, 2010, 9:54pm

What are you trying to do? Trace what is going on to learn? Or use the log

as a way to audit use?

Use the log as a way to audit. Therefore I need to obtain more details about
the activities.

–
Prageeth Madhushanka
Sri Lanka