Protip: May

This post will describe how to dig into a Windows system and check to see USB devices that have been connected to a computer locally.  This can be interesting, for example, if you are interested in monitoring what kind of devices are being connected and identifying potentially dangerous devices that are being attached to a system.

The manual way of checking to see these devices is to navigate through the registry keys and check the devices through RegEdit.  The path to the USB device key is:


Just expand the tab to see which devices are listed here.

Then drill down into a particular device in this subtree to get information about the USB device.  There should be a field named FriendlyName that you can check.

The other (quicker) way to get this information is to use Powershell.  Use the following command to quickly enumerate these devices.

Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Enum\USBSTOR\*\* | select FriendlyName

Here is a sample output. Much cleaner and much easier.

Liked it? Support me on Patreon

Josh Reichardt

Josh is the creator of this blog, a system administrator and a contributor to other technology communities such as /r/sysadmin and Ops School. You can also find him on Twitter and Facebook.

  • Pingback: ???()