How to view log of hardware removal and connection?
Solution 1
The comment above was the answer: EventGhost.
Solution 2
Your problem sound a bit strange, which is probably why nobody answered. But there are a few places that come to mind, where you may want to look. It's all in the registry, but it's hard to extract without proper forensic software. The simplest ways are these.
- Open (admin) PowerShell and try to modify the queries to suit your purpose:
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*'
Get-ItemProperty -Path $Path | Select-Object -Property FriendlyName, CompatibleIDs, Mfg
- Look in the
C:\Windows\inf\setupapi.dev.log. For example, using Cygwin:
less /cygdrive/c/Windows/Inf/setupapi.dev.log
More information on the log file can be found here. Specifically, if you set the DWORD to 00007070 in the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\LogLevel
you get very verbose log.
Related videos on Youtube
03 : 44
12 : 03
10 : 01
03 : 56
02 : 06
38 : 09
Ian Boyd
Updated on September 18, 2022Comments
-
Ian Boyd over 1 year
In Windows 10 how do i get a log of hardware that is removed and connected. I get the Windows Disconnect about every 3-5 seconds.
Obviously Windows know that some hardware has disconnected: it's playing the sound.
I need to know what hardware. What PCI hub, what SATA port, what USB port, what LCP port.
I need the log that Windows must have.
Things that don't work
- Logging when someone connects or removes a USB device to/from a Windows machine
- Windows adding/removing hardware - how to identify?
- NirSoft USBLogView
-
Enabling the Microsoft/Windows/DriverFrameworks-UserMode/Operational log:
-
Using the Last Hour view in the Event Log:
Bonus: Not all hardware is a USB device, USB port, or USB hub