Can`t one use a keylogger to tell what was done while one is away from one`s machine?
If so,what is the best keylogger?
anon
June 9, 2009 9:11 AM
Windows XP does not have the 'login' list.
Additionally, the 'history' may not even list the last 24 hours, depending on YOUR activities.
Security lists only log off/log on when switch uses is activated not a straight turn on computer -> log on.
yalters
June 9, 2009 2:19 PM
in XP (when suspicious) I've used command "net user " to check when last log on occurred.
Good Luck and happy learning
YALTERS
Mark Jacobs
June 10, 2009 6:26 AM
you may get a few more details of what they did if they didn't try to cover their tracks
1, Check recent documents and you may see the names of any files created.
2. Check the browsed cache to see which web sites they visited (the time of the files will make it easy to see if they were downloaded when you weren't using your machine.
3. I use Total Commander (plug for a great utility) but there are lots of other options and can search my computer for any files created between certain times.
Glenn P.
June 13, 2009 6:01 AM
It's going rather far, but if you're really suspicious, you can write a teensy little batchfile that'll write the current date and time to a designated textfile. For example (but mind you, this is just off the top of my head):
@echo off
echo %DATE%%TIME% > C:\[Put-Your-Desired-Path-Here]\xxx.txt
exit
...You save this somewhere inconspicuous with a name ending in *.BAT (for example, "Hello.BAT"), and put a shortcut to that batchfile (make sure it runs minimized!) in your "startup" folder.
Now, anytime anyone logs on, the date and time of the latest login will be stored to that text file. (If you want a running list of logins, put a ">>" before the filename -- that is, use two, instead of just one, "greater-than" -- to signal an "append" as opposed to an "overwrite" operation.)
The downside is that the title of the batchfile itself will be visible, very briefly, in the Windows Taskbar during each login, and if your interloper is suspicious, he can trace your little logon-tracker without too much effort. Naming your batchfile something innocuous should go a long way to allaying such suspicions.
Hope this helps, and good luck! :)
Carmen
June 14, 2009 9:39 PM
What about using Start>Search>For Files or Folders and searching all files and folders created/opened that day (then sorting chronologically)?
Sure. Assuming that she didn't clean up after herself, that is. Problem is ... you just don't know.
- Leo 15-Jun-2009
frank
March 7, 2011 1:51 AM
Thanks for this, but when I click on "Security", the logs are empty. So I assume either someone erased them (but why would he erase ALL the logs, not just his), or my omputer is set to not track logs. If that's the case, how do I activate log tracking?
Thanks.
Herc
October 14, 2011 8:14 AM
Has any of this changed for Windows 7?
Not to my knowledge.
14-Oct-2011
daniel
January 19, 2012 11:17 AM
when I click on security the list is empty. Is there a way to enable Windows to keep a list of the security activity?
Elizabeth
July 20, 2012 7:58 AM
If your security log is clear, you need to turn on auditing.
There also is a script at that page that will show you a quick list of login user names and time stamps, much easier than digging through the event log
Comments
Read the article that everyone's commenting on.
June 9, 2009 8:19 AM
Can`t one use a keylogger to tell what was done while one is away from one`s machine?
If so,what is the best keylogger?
June 9, 2009 9:11 AM
Windows XP does not have the 'login' list.
Additionally, the 'history' may not even list the last 24 hours, depending on YOUR activities.
Security lists only log off/log on when switch uses is activated not a straight turn on computer -> log on.
June 9, 2009 2:19 PM
in XP (when suspicious) I've used command "net user " to check when last log on occurred.
Good Luck and happy learning
YALTERS
June 10, 2009 6:26 AM
you may get a few more details of what they did if they didn't try to cover their tracks
1, Check recent documents and you may see the names of any files created.
2. Check the browsed cache to see which web sites they visited (the time of the files will make it easy to see if they were downloaded when you weren't using your machine.
3. I use Total Commander (plug for a great utility) but there are lots of other options and can search my computer for any files created between certain times.
June 13, 2009 6:01 AM
It's going rather far, but if you're really suspicious, you can write a teensy little batchfile that'll write the current date and time to a designated textfile. For example (but mind you, this is just off the top of my head):
...You save this somewhere inconspicuous with a name ending in *.BAT (for example, "Hello.BAT"), and put a shortcut to that batchfile (make sure it runs minimized!) in your "startup" folder.
Now, anytime anyone logs on, the date and time of the latest login will be stored to that text file. (If you want a running list of logins, put a ">>" before the filename -- that is, use two, instead of just one, "greater-than" -- to signal an "append" as opposed to an "overwrite" operation.)
The downside is that the title of the batchfile itself will be visible, very briefly, in the Windows Taskbar during each login, and if your interloper is suspicious, he can trace your little logon-tracker without too much effort. Naming your batchfile something innocuous should go a long way to allaying such suspicions.
Hope this helps, and good luck! :)
June 14, 2009 9:39 PM
What about using Start>Search>For Files or Folders and searching all files and folders created/opened that day (then sorting chronologically)?
15-Jun-2009
March 7, 2011 1:51 AM
Thanks for this, but when I click on "Security", the logs are empty. So I assume either someone erased them (but why would he erase ALL the logs, not just his), or my omputer is set to not track logs. If that's the case, how do I activate log tracking?
Thanks.
October 14, 2011 8:14 AM
Has any of this changed for Windows 7?
14-Oct-2011
January 19, 2012 11:17 AM
when I click on security the list is empty. Is there a way to enable Windows to keep a list of the security activity?
July 20, 2012 7:58 AM
If your security log is clear, you need to turn on auditing.
This article here will walk you through it:
http://www.intelliadmin.com/index.php/2012/07/see-who-logged-on-to-a-computer-and-when/
There also is a script at that page that will show you a quick list of login user names and time stamps, much easier than digging through the event log
To post a comment on "Can I tell when someone logged into my machine, and what they did?", please return to that article's main page.