Step-by-Step: Using NoVirusThanks USB Logger to Monitor USB Activity

Step-by-Step: Using NoVirusThanks USB Logger to Monitor USB Activity

What it does

NoVirusThanks USB Logger records USB device connections and file activity so you can see when devices were attached, what files were accessed or transferred, and related timestamps.

Before you start

• Download the USB Logger installer from the vendor site and verify the file checksum if provided.
• Run the installer with administrator privileges.
• If on a managed system, confirm policy/antivirus allowances for the logger.

Step-by-step setup

1. Install
   • Run the downloaded installer and follow prompts.
   • Accept any driver or kernel-mode component installations if required.

2. Launch and grant permissions

   • Start the application as an administrator.
   • Allow any OS prompts for elevated access so the logger can capture system-level USB events.

3. Configure basic settings

   • Open Settings/Options.
   • Choose log storage location (pick a secure drive with adequate space).
   • Set log rotation or maximum file size to avoid disk overuse.
   • Enable timestamp format you prefer (local time vs UTC).

4. Select event types to capture

   • Enable device connect/disconnect events.
   • Enable file read/write/copy/move events (if supported).
   • Enable process association (log which process accessed the device).

5. Filter and exclusions

   • Add trusted device IDs or vendor IDs to exclude noisy backups if desired.
   • Set filename or extension filters to focus on specific file types.

6. Logging level and retention

   • Choose verbosity: errors only, summary, or detailed (detailed recommended for forensics).
   • Configure retention period and automatic archival/encryption if available.

7. Start monitoring

   • Enable Live Monitoring or Start Logging.
   • Optionally enable notifications for device insertion.

8. Test with a USB device

   • Insert a test USB drive.
   • Create/modify/delete a test file on the drive.
   • Check the logger for recorded connect time, device identifier, and file activity entries.

9. Review logs

   • Use the application’s built-in viewer or export logs (CSV/JSON) for analysis.
   • Correlate log timestamps with system event logs if needed.

10. Secure logs

• Restrict access to log files (permissions).
• Back up logs to a secure location and consider encrypting archives.

Troubleshooting common issues

• No events recorded: confirm service/driver is running and app has admin rights.
• Missing file activity: some OS versions or driver restrictions may limit file-level capture—enable process association or use endpoint agent if available.
• High disk usage: reduce verbosity, enable rotation, or exclude large backup devices.

For investigations

• Export logs and sort by timestamp, device ID, or process.
• Look for unexpected device serial numbers or unusual file transfers.
• Cross-check with Windows Event Viewer or endpoint protection logs.

If you want, I can create a printable checklist or a short test script for verifying captures.