Is it because your work table suddenly looks different? Or because your computer's desktop is open and exposed, while the screen saver was still on when you just went to the toilet? Suddenly you get the uneasy feeling that someone has been snooping on your computer. Are you getting paranoid, are you too suspicious? Follow these steps to find out if someone has been snooping on your PC.
Tip 01: Recent files
The easiest way to check if someone has been secretly working on your computer is to quickly check the recent files. Windows has the function Quick access added to quickly get back to the files you've been working on recently. That's why you open a new window in Windows Explorer or use the key combination Ctrl+E. In the left column you will find the item at the top Quick access. This will show you a list of recent files on the right. If there are files in this list that you don't remember editing recently, you'll know immediately that someone has accessed your account. Moreover, you can read which files this rather clumsy intruder has modified.
Tip 02: Empty is suspicious
Clearing File Explorer's history is not difficult. With the right mouse button you open in Quick access the Options and in the tab General do you use the command History by Explorerto clear. You will then no longer be able to see which files have been edited recently. On the other hand, an intruder who wants to cover his trail in this way would really betray himself. How else could the list of recent files have been emptied?
Tip 03: Modified files
In Windows Explorer you can also search more specifically for changed files. Maximize the File Explorer ribbon, click in the search box and choose Modified on. You can choose from: Today, Yesterday, This week and so forth. It is possible to refine the search using a date range, but the option is probably Today the most useful. The result is again a list of files that have been modified. Check the times of this list. If your system saved the file automatically while the intruder was working, you will find out this way.
One of the best ways to protect your PC while you are away is to lock it. Press Windows+L so no one can mess with your machine. When the screen is locked, a nice photo with the date and time will usually appear. Press the spacebar to log in again with your password. Of course, your computer is only protected if you have actually entered a password for your account. Go to Settings / Accounts / Login Options. You can always change the password this way. The reflex to press Windows+L is fine, but you may forget to do this. You can set Windows to automatically lock the screen when you're not working. In the Institutions are you looking for via the search bar Screensaver change and then you get to the window Screen Saver Settings. Here you choose a screensaver and give it a few minutes until it is activated. If you're at Screensaver the option No select, the system will immediately lock the computer after the set time instead of showing the screen saver.Even someone who has surfed your computer in incognito mode leaves traces
Tip 04: Browsing History
Perhaps a colleague has secretly used the internet browser on your machine to view your bookmarks, for example? While a savvy user will use your web browser's incognito or private mode, it certainly doesn't hurt to check your browser history. It is of course child's play to erase that history, but in doing so the intruder again betrays his presence. In Chrome as well as in Firefox or Microsoft Edge, the fastest way to the History the key combination Ctrl+H (from History). However, there is a chance that someone has searched your browsing history. You notice that because the website that was last searched from your history list suddenly appears at the top. In Edge and Chrome you can even read the history when the website was visited and that can clarify a lot.
Tip 05: Not so incognito after all
Even someone who has surfed your computer in incognito mode leaves traces. In this mode, the browser will not store anything locally on your computer, even cookies will be deleted after the session. However, this data is stored in the computer's DNS cache. This information remains available until you turn off the computer. To see all URLs visited in incognito mode, press Windows Key+R. In the window To carry out do you type cmd and you confirm with Enter. The dos prompt appears and in it you type ipconfig /displaydns. This produces a list of all Internet addresses visited, including those you visited incognito. If the list is too long, you can export it in a text file with ipconfig /displaydns > dns.txt. This file is usually stored in the user folder on the C drive.
Tip 06: Logs
If the previous methods have failed, you can look for traces of intrusion in the logs. Most of the events that Windows records here are only interesting for statistical purposes, but if you pick the right notifications, you can see who logged in and when. Search Logs and open the app. Then you go to Windows Logs and from there to Security. You'll get a low list of activities, most of which probably won't tell you anything unless you know the Windows codes well. Pay attention Event ID 4624 for standard logins, and 4634 for unsubscribes. Click on an item for more information and check if a user logged into the system while you were away. Most signups will be from the account System come. This system account is used to perform tasks and you can ignore these logins. Bee Keywords are you reading Check failed (with padlock) or Check passed (with key), depending on whether it is a failed or a successful attempt.
Tip 07: Filter log
Difficult with logs is that they usually contain an obscure list of items. Fortunately, there is a search function in the menu Actions. With this search function you can search for a period (last hour, last 12 hours, last 24 hours, last 7 days and so forth). In addition, you can filter the log. Click in the menu Actions on Filter current log. If you want to see all events between 4624 and 4634 (the logins and logouts), then type in the filter box 4624-4634. Type at User the name of the user accounts you want to filter on. Optionally, you can specify multiple user accounts by separating them with a comma. click on OK to apply the filter.
Tip 08: Activate control
The logon checker that tracks who logs in to your computer when only works on the professional edition of Windows. So you can't use this if you have a Home edition. You check whether this form of auditing is enabled via the Local Group Policy Editor. Press Windows key + R and in the window To carry out do you type gpedit.msc and you click OK. Then click in the left column on Windows Settings / Security Settings / Local Policies / Audit Policies / Audit Account Login Events. Here you can control Successful attempts and Failed attempts activate. After you have done this, follow the login attempts in the logs using the above method.Someone who gains access to your system can easily place a keylogger
In the window Local Security Policy you can switch on and off nine different forms of policy control. Here are the five most interesting parts.
Login Events: A user logs out, logs in, or connects over the network.
Account Login Events: A user authenticates through a local user account or logs in through the network.
Account management: a user or user group is created, activated, deleted, changed, deactivated, or a password is changed.
Object access: A user opens a file, folder, or registry key.
Process Detection: A process starts or ends.
System Events: A user shuts down or restarts the system.
The data that the system collects through the set audit policy is automatically entered in the Windows Security log.
Tip 09: Keyloggers
Someone who gains access to your system can easily place a keylogger. A keylogger is a program that records every key you press. That means every sentence, every space, but also your passwords, bank logins, social media passwords and credit card information. This information forwards the keylogger to the receiver. In the US, keyloggers are still referred to as 'parental software', because this software is also used to spy on the computer behavior of your own children. Tracking down keyloggers is tricky because they are designed to be hidden. Recent anti-malware programs will track and remove keyloggers. Programs that will make short work of this malware include MacAfee Rootkit Remover, a free dos-based anti-keylogger tool, and AVG Antivirus.