Someone maybe snooping around on your computer, and that is definitely a problem. In many cases, the person who is accessing your computer is likely one who is known such as a family member or friend. In other situations, a colleague at work might have gained access if you had left your laptop unattended for a period of time.
How to find out if someone was snooping around on your computer?
The question is, how can we find out if this has happened for sure. The first step is knowing where to begin, and that is something we plan to discuss in this article.
Bear in mind that a trace of almost all actions taken on your computer is stored, which means, there are ways to tell if someone has been messing around without your consent. Now, nothing here will determine who the culprit is, but this should give an idea:
- Check for newly installed apps
- Check your web browser history
- Check Quick access
- Take a look at Windows 10 Logon Events
- Turn on logon auditing on Windows 10 Pro
One of the best safe computing habits to cultivate is to lock the screen of the computer with a password when you are not at it. It hardly takes a moment. You just have to press WinKey+L to lock the computer. This prevents others from snooping into your computers when you are not around.
1] Check for newly installed apps
The first thing you will be required to do here is to check for apps that might have been installed without your knowledge. It is possible to do this by clicking on the Start button and look at the Recently Added section.
From here, you should see the latest apps that were installed recently. If none were done by you, then chances are a third-party might have been playing around with your computer.
2] Check your web browser history
In several cases, a person who uses your computer without consent might decide to use the web browser or whatever reasons. With this in mind, we suggest checking your web browser history just in case the culprit did not delete evidence of their transgressions.
If you have multiple web browsers, then check the history of each and not just the one you use on a regular basis.
Most browsers support pressing Ctrl+H keys to open the browsing history panel.
Now, if your history shows evidence of change, then click on some of the websites in a bid to determine who used your computer.
3] Check Quick access
For those who had no idea, well, let us make it clear that Windows 10 makes it possible for folks to check the recent user activity.
For example, you can open Microsoft Word to check if any files have been modified. The same goes for Excel, PowerPoint, or any other tools that fall under Microsoft Word.
Additionally, press the Windows key + E to open the File Explorer. From the top of the menu, look for Quick Access, and select it.
Right away, you should see a list of recently added or modified files. Check if anyone of them were modified by you in order to find out if another has accessed the device.
4] Take a look at Windows 10 Logon Events
From our point of view, the best way to get an idea if a person secretly gained access to your computer, is to take full advantage of Windows 10 Logon Events. However, when you’ve come across the log, is even possible to make an accurate reading of it? That answer is yes and we’re going to talk about that.
The first step to make here is to fire up the Event Viewer using the Start search and navigate to Windows Log > Security. You should now see a list with several activities, each with an Event ID. Now, the ID number you’re looking for is “4624” with the Task Category name being Logon.
You should also look for 4672 with the Task Category name, Special Logon. We suggest looking for “4634”, which suggests someone turned off your computer; 4624 means Logon, 4634 means Logoff.
5] Turn on logon auditing on Windows 10 Pro
Here’s the thing, this feature is automatically up and running in Windows 10 Home, but when it comes down to the Pro version, you may have to manually enable it.
To do this, visit the Group Policy Editor, then navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy.
From the right section of the tool, you should see a list of options with their security setting set to No Auditing. Double click each and be sure to select Success and Failure. From there, hit Apply then the OK button to initiate the new changes.
Let us know if you have any tips.