Setup API

The setupapi.dev.log file is a Windows log file that tracks device connections for a variety of devices including USB devices. Since USB device information plays an important role in many investigations, our script will help identify the earliest installation time of a USB device on a machine. This log is system-wide, not user-specific, and therefore provides only the installation time of a USB device's first connection to the system. In addition to logging this timestamp, the log contains the vendor ID (VID), product ID (PID), and serial number of the device. With this information, we can paint a better picture of removable storage activity. On Windows XP this file is located at C:\Windows\setupapi.log. On Windows 7 and higher, this file is found at C:\Windows\inf\setupapi.dev.log.