The setupapi.dev file, located in %systemroot%\INF\setupAPI.dev, is a text file that documents the details of the first time a specific device was connected to the computer. This file ensures the system has the appropriate drivers to read and access the media. Each log entry in this file begins with a section header, where the latter part includes the device ID. This file does not provide information as to when the device was unplugged or disconnected.

Sections

ID	Name	Description
PR014.001	USB Mass Storage Device Formatting	A subject formats a USB mass storage device on a target system with a file system capable of being written to by the target system.
IF002.001	Exfiltration via USB Mass Storage Device	A subject exfiltrates data using a USB-connected mass storage device, such as a USB flash drive or USB external hard-drive.
IF002.006	Exfiltration via USB to USB Data Transfer	A USB to USB data transfer cable is a device designed to connect two computers directly together for the purpose of transferring files between them. These cables are equipped with a small electronic circuit to facilitate data transfer without the need for an intermediate storage device. Typically a USB to USB data transfer cable will require specific software to be installed to facilitate the data transfer. In the context of an insider threat, a USB to USB data transfer cable can be a tool for exfiltrating sensitive data from an organization's environment.