Removal of USB Storage Device

This query detects whether any USB storage device was removed from a Windows machine (confirmed on Windows 7).

USB and Removable Media Detection

This Splunk query shows information about USB mass storage device usage. You must be monitoring the registry using the Windows Technology Add-on (TA).
