Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

USB devices and the Windows Registry, part deux

from [H Carvey] Network Security [Permanent Link]
Subject: USB devices and the Windows Registry, part deux
Date: 2 Feb 2005 19:42:06 -0000 


First off, I wanted to thank everyone for their responses...I received many, 
but unfortunately, it seems that no one has the specific information I'm 
looking for.

To that end, I thought I'd narrow my question down a bit...a lot, actually.  

USB devices have a descriptor (on Windows, a USB_DEVICE_DESCRIPTOR structure) 
that contains values called "idProduct", "idVendor", and "iSerialNumber"...this 
last value is an index, not the actual serial number.

Now, Linux has a program called 'lsusb', and if the '-vv' switch is used, the 
actual string containing the serial number is returned.

Is there a similar program for Windows?  I've taken a look at devcon.exe, but 
haven't found anything in particular yet.  Perhaps the question should be, "is 
there a program for Windows that will display the idProduct and idVendor 
values, and the actual iSerialNumber string, similar to what lsusb does for 
Linux?"

An alternate question is, what API calls (DeviceIOControl() ???) would be used 
to get this?  If I know the API calls and the order, I may be able to put 
something together.  Please, no "look at" responses...if you know, you 
know...and if you don't, please don't bother.

Thanks, your input/effort is appreciated.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  FW: USB devices and the Windows Registry, MR_EPOD .
Next by Date:  Re: USB devices and the Windows Registry, part deux, Kevin Conaway
Previous by Thread:  USB devices and the Windows Registry, H Carvey
Next by Thread:  Re: USB devices and the Windows Registry, part deux, Kevin Conaway
Indexes:  [Date] [Thread] [Top] [All Lists]