Hi all,
I've got a situation where the last written times for all the keys in the USBSTOR directory are exactly the same.
I've done some research on this, and it seems to be the case for any Windows 7 computer I look at.
I'm trying to find a probable cause for this, could a system restart or another change affect the last written times of the keys? Windows update/backup? Is this a case for Windows 7 only?
This would mean that any real time/date recorded for when a USB device was plugged into a computer is wiped (, I've looked into the setupapi.dev.log (for another data source regarding USB devices) - does this log only record when a USB device is installed? So, for example, would it only record one entry for installation, and no further for any additional use?
Cheers all.
Typical, as soon as a post a question I find some more information!
More information I have found under
SYSTEM\CurrentControlSet\Control\Devic
eClasses\{53f56307-b6bf-11d0-94f2-
00a0c91efb8b}
Under this key is a similar list of devices, but their respective last written times have not been overwritten. Still a mystery why SYSTEM\CurrentControlSet\Enum\USBSTOR\ has had all its last written times replaced.
ChrisM,
Many times, the reason for the LastWrite times for the USBStor keys all being the same is often an update…I'm sure if you put together a timeline, this is what you'll see.
More information I have found under
Yep.
Just for the record
http//
jaclaz
Hey, that's some good stuff…I wonder who wrote that???
Hey, that's some good stuff…I wonder who wrote that???
Probably roll
http//
http//
Maybe someone added some good stuff to it between 2007 and 2008?
http//
http//
jaclaz