Do you think someone else was connected to your Windows computer while you were away from home? In this article we will give you some useful ways to find out if someone used your computer or not.
Every recent activity is recorded on your computer, and not just at one point. If one wants to hide his traces, he should be a very good connoisseur but also very patient. But let's look at ways in which we can determine if there was any unknown activity.
Recent Activity
Let's start with the basics. If someone has gained access to account you, then he must have used him for something. So, you should check for changes on your computer that don't come from you.
If we talk about them Windows 10 then if you click start you will see the most recently used programs displayed. Of course you will see in this list a program that you have not used recently and that the attacker ran. The downside to this method is that you may have used common programs or deleted it from the list if it is smart enough. In addition, in the start menu you will see on the right the field "Recent Items" (Recent Items). It shows all the recently opened files. The registration of files remains in "Recent data", even if the actual files have been deleted.
Other recent activity is found in your browser's history, its recent documents Office, as well as in Control Panel > Programs sorted by installation date to search for recently installed programs.
Check Windows Events
The above step was simply to inform you that something is wrong. Now let's get serious and let's look for some innocent proof. Windows keeps a complete record of whether an account was successfully linked, but also about failed login attempts. You can view this file from the Windows Event Viewer.
To access the Windows event viewer, press "Win + R" and type eventvwr.msc in the "Run" dialog box. Press Enter and the event viewer will open.
Here, double-click the Windows Logs button, and then click Security. In the middle of the table you will see the attempts to connect with the date and time. Each time you log in, Windows records your effort. Observe the day and time of the last recording to see if you had an uninvited guest.
If there's an entry you don't recognize, it means someone gained access to your computer. Windows does not log fake entries, so you can trust this data. In addition, you can also check which specific account the intruder had access to duration of this period (if you have multiple accounts). To check, double-click on the suspicious entry and look at the “Account Name” in the window that opens.
See Start Up details of the last entry
The above method is good enough to catch the attacker, but keep in mind that if smart enough it can clear all event logs. If it is not so smart then in this case you can configure the details of the last connection to see the recent startup of your computer. This will show you the recent entry of your accounts and any failed attempts. This information can not be deleted.
You will need to tamper with the windows registry file so be sure to create a backup before any of your moves. press “Win + R” keys and type regedit in the execution window that will appear. The Windows Registry will open.
Search for location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Now right click on the “System” folder and select “New” and then “DWORD value”. An entry will be created that is ready to be renamed. Rename it to "DisplayLastLogonInfo".
Double-click this entry, and set the "value" to "1". Now every time you (or someone else) log on to your computer, you will first see the last login and every failed attempt.