312-49v10 Exam - Question 151

A: When a new device is inserted into a USB port, .the host will then request the device descriptor from the device. The device descriptor contains information about the hardware device that the OS needs to load a driver for, namely the USB specification version, the USB device class and sub-class, the vendor ID (VID), product ID (PID), and other important data. Once this descriptor is adequately obtained, the appropriate driver is loaded into memory for use by the operating system to facilitate communication between software and plugged in USB devices.

ParentIdPrefix value found within the unique instance ID key can be used to map the entry from USBSTOR key to the MountedDevices key. This can be done by right clicking each Registry value and choosing Modify...

The correct answer is A. ParentIDPrefix. The Unique Instance ID key (USBSTOR\InstanceId) contains the ParentIDPrefix, which is a value that helps investigators map the entry from the USBSTOR key to the MountedDevices key. The ParentIDPrefix is a substring of the InstanceID that corresponds to the device's serial number. Here's how it works: The USBSTOR key contains a list of USB devices that have been connected to the system, with each device having a unique InstanceID. The MountedDevices key contains a list of devices that have been mounted on the system, with each device having a unique device ID. By matching the ParentIDPrefix from the USBSTOR key to the device ID in the MountedDevices key, investigators can determine which device was mounted and when.