Irrespective of your computing environment, for security purposes, you'd want to keep a close eye on the activity performed on your PC. Having antivirus software installed is one thing, but what about those who insert their USB flash drive with malicious intent (or otherwise) while you're away? How do you know the device has been inserted to begin with? Well, in this tutorial, I will show you how to grab all files the moment a USB stick is plugged in.
You see, USB sticks can be used for more than just backing up your sensitive data. For example, the Rubber Ducky is commonly used by hackers to steal your critical files by simply inserting it into your computer. If you have multiple users utilizing your PC, or work in an environment where physical access is inevitable, knowing when a given USB stick was plugged in, and the contents it contained, is paramount.
As such, I will demonstrate how to do this by using a neat little tool named USB Capture that can be downloaded from either the official website, or via this reputable source. Believe me, this tool is very impressive!
In short, the moment a USB stick is inserted into any port, it will instantly copy its entire contents to a folder on your computer. Moreover, it will also log the exact timestamp of when it was plugged in, the device name & GUID and when it was removed! Yes, this is one awesome tool. So without further delay, let's see how this is done.
Step One: Once you've downloaded USB Capture, amongst a few other files, you will see two folders named 32-bit and 64-bit as shown below. Double-click on the one that's relevant to your operating system's architecture. I'm running Windows 10 Enterprise x64, so I've selected 64-bit.
Step Two: Inside the folder that you've selected above, there will be another folder named USBCaptureSvc. Copy this folder onto your computer's C drive. I find it works best in this location.
Step Three: Open USBCaptureSvc, and you will see a batch file named Install. It must be executed with elevated privileges, so right-click it and select Run as administrator.
Step Four: The Command Prompt will open, confirming that it's been installed. As the message states, press any key to continue.
Step Five: USB Capture is now up & running, and constantly watching for USB sticks. Time to put this to the test. Before I insert my USB stick into my computer, here are the files & folders that it contains. These were actually used for a couple of tutorials on this blog.
Step Six: Upon inserting my USB stick, it instantly copied the entire contents to a folder named USB-COPIED. This folder is part of the tool, and is located on my PC's hard disk. I'll open it in the next step.
Step Seven: As you can see, the entire contents of my USB stick have been successfully copied. Compare the image below with that of Step Five above.
Last Step: I've now navigated to a folder named Logs (located in the USBCaptureSvc folder) and double-clicked the text file. It's actually logged the date & time of when the USB stick was inserted, the device name, GUID and also when it was removed.
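For comparison, the insert/remove logging described in the last step can be reproduced with built-in Windows instrumentation. The PowerShell below is an added example, not part of USB Capture and not its code: it only records volume arrival and removal (timestamp, drive letter, label, volume GUID path) and copies no files. The log path and the `UsbVolumeWatch` identifier are assumed names.

```powershell
# Added example: log volume arrival/removal events only. No files are copied.
# $LogPath and the 'UsbVolumeWatch' identifier are assumed names.
$LogPath = Join-Path $env:ProgramData 'usb-volume-events.log'
$known   = @{}   # drive letter -> details captured at arrival, reused at removal

function Write-VolumeLog([string]$Action, [string]$Drive, [string]$Details) {
    $line = '{0:yyyy-MM-dd HH:mm:ss}  {1,-8}  {2}  {3}' -f (Get-Date), $Action, $Drive, $Details
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# Win32_VolumeChangeEvent: EventType 2 = device arrival, 3 = device removal.
$query = 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2 OR EventType = 3'
Register-CimIndicationEvent -Query $query -SourceIdentifier 'UsbVolumeWatch'

try {
    while ($true) {
        $evt   = Wait-Event -SourceIdentifier 'UsbVolumeWatch'
        $data  = $evt.SourceEventArgs.NewEvent
        $drive = $data.DriveName          # e.g. "E:"

        if ($data.EventType -eq 2) {
            # The volume exists now, so its label and GUID path can be read.
            $vol = Get-CimInstance Win32_Volume -Filter "DriveLetter = '$drive'"
            $details = if ($vol) {
                # DriveType 2 = removable, 3 = fixed (some USB hard disks report 3).
                'label="{0}"  id={1}  drivetype={2}' -f $vol.Label, $vol.DeviceID, $vol.DriveType
            } else {
                'details unavailable'
            }
            $known[$drive] = $details
            Write-VolumeLog 'INSERTED' $drive $details
        }
        else {
            # The volume is already gone at removal, so reuse the cached details.
            $details = if ($known.ContainsKey($drive)) { $known[$drive] } else { 'not seen at arrival' }
            $known.Remove($drive)
            Write-VolumeLog 'REMOVED' $drive $details
        }
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}
finally {
    Unregister-Event -SourceIdentifier 'UsbVolumeWatch'
}
```

The watcher runs until the session is interrupted with Ctrl+C, and it logs every volume arrival, so mounted disk images appear alongside USB sticks.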
Final Thoughts: I'd say it's very safe to assume that you're quite impressed with USB Capture's functionality, and its accuracy in obtaining details as per the above step. This clearly demonstrates just how easy it is to grab the details of any USB stick that's inserted into your PC, all done in the background, with no indication of its behavior.
This also serves as a warning that anyone could have USB Capture installed when you've inserted your USB stick in their computer, hence they'd instantly have copies of your sensitive files. Be very careful (and selective) of where you decide to use your USB stick.