This article will be answering this common question: “how do I check recent activity on my computer?”. I will show you how to review recent activities using apps that come included with Windows as well as CurrentWare’s employee and computer monitoring software solutions.
Checking recent activity on your computer allows you to see how the devices in your network have been used, allowing you to investigate suspicious activity such as web browsing and changes to files during periods where nobody should have been accessing the PC.
Need to monitor computer activity on another computer? With CurrentWare’s employee computer monitoring software, monitoring computer activities is as easy as installing the solution on your employee’s computers and running reports on their computer activity from a convenient central console.
If you are concerned that someone else has been using your computer, Windows includes free tools that you can use to check recent activity on your computer. If you discover events that occurred when you were not using your computer, it could be an indication that your computer was used without your knowledge.
Note: When you view the logs in Windows Event Viewer you are likely to see a few event logs of errors that have occurred on your machine. This is completely normal and not an immediate cause for concern if your machine is otherwise running smoothly – the application records every event on your computer, including minor start-up and processing errors that have likely resolved themselves.
Windows Event Viewer is a utility that comes included with the Windows operating system. It’s intended to be used by system administrators to view event logs on local and remote machines, but it can also tell you when your computer has been turned on. If your computer has been turned on when you were not using it, that could mean that someone else was using your computer.
If you are using Windows 10 Professional, you can also enable auditing of logon events in the Local Group Policy Editor. This will allow you to track which user accounts log in to your Windows devices.
If you would like to audit logon events for multiple computers, you can use enPowerManager’s logon/logoff tracking report for monitoring these computer activities at-scale.
Viewing recently edited files on your Windows machine will allow you to see what files were opened on your computer. If you find files that were recently modified when you were not using your PC, this could mean that someone else was on your computer.
Each web browser (Chrome, Firefox, Opera, Internet Explorer, Edge, etc) comes with its own internet browsing history. This can often be accessed by launching the program and pressing CTRL + H to bring up the browsing data of your device.
Unfortunately, if you or another user were browsing in a private browsing mode such as Chrome’s Incognito mode or Edge’s InPrivate mode you will not be able to see internet browsing activity from that time period using this method.
Fortunately, there are tools for monitoring computer activities that can track web browsing history even when private browsing modes are used.
CurrentWare’s BrowseReporter is a computer monitoring software that can be used to monitor activity on your own computer or another computer in your network. BrowseReporter is a powerful employee tracking software for monitoring how employees use the internet and computer applications in the workplace.
BrowseReporter can track these computer activities:
The fastest way to track web and application activity on your computer will be to perform a standalone installation of CurrentWare by installing BrowseReporter, the CurrentWare server, the CurrentWare console, and CurrentWare client on the same device.
If you would like to use BrowseReporter to monitor another computer, you can do so by installing the CurrentWare client on each computer that you would like to track. If you’d like to give it a try before purchasing a license, you can track internet activity for free with a 14-day trial.
If you will be managing multiple devices you will benefit greatly from the included central console as it allows you to manage all of your devices remotely rather than checking each computer manually.
Ready to get advanced insights into how your employees spend their time? Reach out to the CurrentWare team for a demo of BrowseReporter, CurrentWare’s employee and computer monitoring software.
Checking USB device history is incredibly useful for performing a digital forensics investigation. If you are running a business it can be helpful to see USB activities on your network to collect evidence of illicit data transfers and the use of unauthorized devices by your employees.
If you are monitoring USB activities on a standalone machine and you do not need real-time alerts or detailed file transfer history, you can use Windows Event Viewer to view events where USB devices have been connected and disconnected from the computer.
If you would like more detailed information about how USB devices are used on your endpoint devices, you can use AccessPatrol for monitoring computer activities such as portable storage file operations and device usage history.
Hey everyone, this is Dale here. I am the Digital Marketing Manager for CurrentWare.
In today’s video, I’d like to show off the new USB activity dashboards introduced to AccessPatrol in version 7.0.
These dashboards provide a convenient overview of the peripheral device usage of your entire workforce as well as specific groups or users—all from the convenience of a web browser.
They work in tandem with AccessPatrol’s device control features and USB activity reports to protect sensitive data against the security risks of portable storage devices.
Today’s video is just a sneak peek of what AccessPatrol is capable of; as time goes on you can expect to see further enhancements and data points added to these dashboards.
At this time, AccessPatrol can track activities from the following peripherals:
This device usage data is used to populate various graphs across AccessPatrol’s dashboards. You can further refine how granular this data is by limiting the time frame, selecting only specific groups, and even investigating individual users.
Having these metrics available at a glance makes detecting potential insider threats far more efficient as your organization scales.
Any groups or users that need to be reviewed further can be investigated using the more granular dashboards and AccessPatrol’s device activity reports.
For a more proactive approach to insider threat management you can set up targeted alerts that will notify designated staff members when these high-risk activities occur.
For the most up-to-date information on AccessPatrol’s activity tracking and data loss prevention capabilities, visit our knowledge base at CurrentWare.com/Support or visit the AccessPatrol product page at CurrentWare.com/AccessPatrol
In the overview dashboard you can review the following metrics:
Moving on to the Files Dashboard you will see…
Finally, we have the Devices Dashboard.
In this dashboard, we have…
As you can see, we have specific users that are repeatedly trying to use devices that have not been approved for use by the organization.
While this could just be an accidental oversight on the user’s part, there’s a risk that it’s something much more serious.
For example, what if this is actually a disgruntled employee trying to steal trade secrets or sensitive customer data so they can bring it to a competitor, or worse, sell it to cybercriminals on the dark web.
Between the costs associated with a damaged reputation, fines, loss of competitive advantage, and remediation, a data breach like this could completely ruin a company.
Before we confront this employee or send them for retraining, let’s investigate this incident further so we can make an informed decision.
Clicking on this user, we’ll be taken to a dashboard that focuses exclusively on their activity.
Looking at the Devices graph we can see that they have made multiple attempts to use blocked devices.
Scrolling down, we can see that they’ve been trying to use unauthorized portable storage devices.
Since AccessPatrol is currently blocking any devices that are not explicitly allowed, I know that the only way sensitive data is leaving through a USB drive is if it’s a device that we’ve allowed before. So, let’s take a closer look at how they’ve been using their approved devices.
As you can see here, the types of files that they are transferring are more than capable of containing sensitive data; let’s take a look at the file names for more details.
With the Activity Log we can use the filters, sorting, and column options to isolate our view to the entries we’re the most interested in.
Once we find something that looks off, we have more than enough information to confront this employee and take any necessary corrective actions.
Ready to protect your sensitive data against theft to USB portable storage devices? Block and monitor peripheral device usage today with a free trial of AccessPatrol, CurrentWare’s USB control software.
Simply visit CurrentWare.com/Download to get started instantly, or get in touch with us at CurrentWare.com/Contact to book a demo with one of our team members. See you next time!
Email alerts can be configured in AccessPatrol to generate real-time alerts of USB device usage and file operations on the endpoints in your network.
There are a wide array of use cases for monitoring computer activities in your network. With the tips listed in this article you will be able to track web browsing history, determine if someone has been using your computer, investigate employee data theft, and track logon events.
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |