INF Setup

Overview

  • Evidence: INF Setup
  • Description: Collect INF Setup Log Files
  • Category: System
  • Platform: windows
  • Short Name: infl
  • Is Parsed: No
  • Sent to Investigation Hub: Yes
  • Collect File(s): Yes

Background

Windows maintains setupapi log files that record detailed information about device driver installations, including PnP device installations, driver package installations, and device configuration changes.

These logs can provide evidence of hardware changes, driver installations, and USB device connections that may not be captured elsewhere.

Data Collected

This collector gathers structured data about INF setup.

INF Setup Data

Field        Description                 Example
Name         Artifact name               INF Setup Logs
Type         File                        File
SourcePath   Original file path          C:\Windows\INF\setupapi.dev.log
Path         Relative path in evidence   Other/setupapi.dev.log

Collection Method

This collector collects INF setup log files from:

  • Windows\INF\setupapi*.log

  • Windows\setupapi*.log (legacy location)

Forensic Value

INF setup logs provide detailed device installation history. Investigators use this data to track USB device installations, identify driver installation timelines, detect hardware changes, investigate PnP device activity, and correlate with USB history artifacts.
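Because the collector gathers these files without parsing them, building the USB installation timeline described above is left to the analyst. The following is an added example, not part of the collector or its documentation: it assumes the section layout that Windows Vista and later write to setupapi.dev.log, runs on a constructed sample, and its function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the setupapi.dev.log section layout (not real evidence).
# The last section is cut off on purpose, as happens when a log is truncated.
SAMPLE = r"""
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Example&Prod_Flash&Rev_1.00\0123456789AB&0]
>>>  Section start 2024/03/05 14:22:10.481
     dvi: {Build Driver List} 14:22:10.497
<<<  Section end 2024/03/05 14:22:11.902
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - PCI\VEN_1234&DEV_5678\3&11583659&0&A0]
>>>  Section start 2024/03/06 09:00:00.000
<<<  Section end 2024/03/06 09:00:01.000
<<<  [Exit status: SUCCESS]
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Example&Prod_Flash&Rev_1.00\0123456789AB&0]
>>>  Section start 2024/03/09 18:40:02.115
"""

HEADER = re.compile(r"^>>>\s+\[(?P<op>.+?)(?: - (?P<target>.+))?\]\s*$")
START = re.compile(r"^>>>\s+Section start (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3})")
STATUS = re.compile(r"^<<<\s+\[Exit status: (?P<status>[^\]]+)\]")

def parse_sections(text):
    """Return one dict per '>>> [...]' section; status stays None if it never closed."""
    sections, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            if cur:  # previous section ended without an exit status
                sections.append(cur)
            cur = {"operation": m["op"], "target": m["target"], "start": None, "status": None}
        elif cur and (m := START.match(line)):
            # The log records local system time, so note the host time zone when correlating.
            cur["start"] = datetime.strptime(m[1], "%Y/%m/%d %H:%M:%S.%f")
        elif cur and (m := STATUS.match(line)):
            cur["status"] = m["status"]
            sections.append(cur)
            cur = None
    if cur:
        sections.append(cur)
    return sections

def usb_first_seen(sections):
    """Earliest recorded install start per USB/USBSTOR device instance ID."""
    first = {}
    for s in sections:
        target = s["target"] or ""
        if s["start"] and target.upper().startswith(("USB\\", "USBSTOR\\")):
            first[target] = min(s["start"], first.get(target, s["start"]))
    return first
```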
