Why does the ETW USB keylogger POC require Windows 8+ for USB 3.0 support and administrator privileges?
The POC does not read the keyboard itself; it consumes the USB traffic that the kernel-mode drivers of the Windows USB host-controller stack emit as ETW events. Windows 8 is the first release with a native USB 3.0 (xHCI) stack and its own ETW provider for that stack; earlier versions have only the USB 2.0 (EHCI) stack, and USB 3.0 controllers run on vendor drivers that expose no comparable provider, so a keyboard behind such a controller cannot be traced there. Administrator privileges are needed because creating an ETW trace session and enabling kernel-mode providers in it requires an elevated token (membership in Administrators, or at minimum Performance Log Users); an unprivileged user cannot start the session at all. The POC's dependencies and setup are detailed in Study Notes Weekly No.3. Knowing these two requirements matters on both sides: an attacker needs an elevated foothold on a Windows 8+ host, and a defender can look for trace sessions that enable the USB providers, since that is what the technique leaves behind.
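The following PowerShell script is an added example, not code from the page or from the POC it discusses. It checks the two stated requirements (Windows 8+, an elevated token), confirms that the kernel USB ETW providers are registered on the host, and then, for the defender's side, lists running ETW sessions that currently consume those providers. It assumes the POC uses the standard Microsoft-Windows-USB-USBXHCI and Microsoft-Windows-USB-USBPORT providers, which the page itself does not name.

```powershell
# Added example: preflight for the ETW USB keylogger requirements plus a
# defender-side check for live sessions consuming the USB providers.
# Assumption (not stated on the page): the POC enables the standard
# Microsoft-Windows-USB-USBXHCI / USBPORT providers.

$usbProviders = 'Microsoft-Windows-USB-USBXHCI', 'Microsoft-Windows-USB-USBPORT'

# 1. Windows 8 is NT 6.2. Read the version from WMI so a compatibility
#    manifest on the host process cannot make it report an older kernel.
$osVersion = [version](Get-CimInstance Win32_OperatingSystem).Version
$osOk = $osVersion -ge [version]'6.2'

# 2. Starting a trace session for kernel-mode providers needs an elevated
#    token (Administrators, or at minimum Performance Log Users).
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# 3. Provider registration: logman exits non-zero when the provider is unknown.
$providerStatus = foreach ($p in $usbProviders) {
    $null = & logman.exe query providers $p 2>&1
    [pscustomobject]@{ Provider = $p; Registered = ($LASTEXITCODE -eq 0) }
}

[pscustomobject]@{
    OSVersion   = $osVersion
    OSOk        = $osOk
    Elevated    = $isAdmin
    ProvidersOk = -not ($providerStatus | Where-Object { -not $_.Registered })
} | Format-List

# 4. Defender view: which running ETW sessions have a USB provider enabled?
#    'logman query -ets' lists sessions as "<name>  Trace  Running"; names may
#    contain spaces, so split on the two-or-more-space column gap instead.
$sessionNames = (& logman.exe query -ets 2>&1) |
    ForEach-Object { if ($_ -match '^(.+?)\s{2,}Trace\s+Running') { $Matches[1] } }

foreach ($name in $sessionNames) {
    $detail = (& logman.exe query "$name" -ets 2>&1) | Out-String
    $hits = $usbProviders | Where-Object { $detail -match [regex]::Escape($_) }
    if ($hits) {
        Write-Output ("Session '{0}' consumes: {1}" -f $name, ($hits -join ', '))
    }
}
```

Run it from an elevated prompt to get a meaningful `Elevated` result; step 4 also needs elevation to enumerate other users' sessions. A session that enabled a provider by GUID rather than by name may show only the GUID in `logman query <session> -ets` output, so in an environment where that is expected, extend the match to the provider GUIDs as well.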
Tags: ETW keylogger, Windows 8, USB 3.0, administrator privileges, kernel-mode, POC requirements