How Do I Check Recent Activity On My Computer?

two people checking their computer activity together

This article will answer this common question: “How do I check recent activity on my computer?”. I will show you how to review recent activities using apps that come included with Windows as well as CurrentWare’s employee and computer monitoring software solutions.

Checking recent activity on your computer allows you to see how the devices in your network have been used, allowing you to investigate suspicious activity such as web browsing and changes to files during periods when nobody should have been accessing the PC. 


Software to Check Recent Activity on Employee Computers

Need to monitor computer activity on another computer? With CurrentWare’s employee computer monitoring software, monitoring computer activities is as easy as installing the solution on your employee’s computers and running reports on their computer activity from a convenient central console.

  • Track web browsing including time spent on each site, the exact URL, the web page title, and more
  • Monitor application usage to see who is playing games or using unauthorized software
  • Track idle time to see how active your employees are on their computers
  • Monitor bandwidth usage to see who is slowing down the network with Netflix, Twitch, and Sports streaming

Table of Contents


How Can I Tell if Someone Has Used My Computer?

If you are concerned that someone else has been using your computer, Windows includes free tools that you can use to check recent activity on your computer. If you discover events that occurred when you were not using your computer, it could be an indication that your computer was used without your knowledge.

Use Windows Event Viewer to Check Computer Events

Note: When you view the logs in Windows Event Viewer you are likely to see a few event logs of errors that have occurred on your machine. This is completely normal and not an immediate cause for concern if your machine is otherwise running smoothly – the application records every event on your computer, including minor start-up and processing errors that have likely resolved themselves. 

Windows Event Viewer is a utility that comes included with the Windows operating system. It’s intended to be used by system administrators to view event logs on local and remote machines, but it can also tell you when your computer has been turned on. If your computer has been turned on when you were not using it, that could mean that someone else was using your computer.

  1. Press the Windows key on your keyboard – the Windows symbol is found in the bottom-left corner of most keyboards, between the CTRL and ALT keys.
  2. Type Event – this will highlight Event Viewer in the search boxThe Event Viewer application is highlighted in the windows start menu
  3. Press the Enter key to launch Event ViewerAn overview of the Windows Event Viewer dashboard
  4. Double-Click Windows Logs in the left-hand pane
  5. In the drop-down menu below Windows Logs, click System The Windows Logs drop-down menu found in Event Viewer
  6. In the right-hand pane click Filter Current Log
  7. This will bring up the Filter Current Log pop-up menu. Click on the Event sources drop-down menu and scroll down until you see Power-Troubleshooter.
  8. Click the box next to Power-Troubleshooter, then click anywhere in the gray area in the Filter Current Log window to close the menu.
  9. Click the OK Button.
  10. In the center window you will now see all of the times that your computer has been turned on. If you did not turn on the computer for one of the events listed, someone else may have been using your computer.The center panel of Windows Event Viewer. A Power-Troubleshooter event is highlighted

If you are using Windows 10 Professional, you can also enable auditing of logon events in the Local Group Policy Editor. This will allow you to track which user accounts log in to your Windows devices.

If you would like to audit logon events for multiple computers, you can use enPowerManager’s logon/logoff tracking report for monitoring these computer activities at-scale.

enpowermanager's user logon history report with timestamps of when employees log in and out each day

How to View Recently Edited Files

Viewing recently edited files on your Windows machine will allow you to see what files were opened on your computer. If you find files that were recently modified when you were not using your PC, this could mean that someone else was on your computer.

  1. Press the Windows key on your keyboard – the Windows symbol is found in the bottom-left corner of most keyboards, between the CTRL and ALT keys.
  2. Type Run – this will highlight the Run application in the search box
  3. Press the Enter key to launch the Run application
  4. In the box that pops up, type in Recent
  5. This will bring up a window that shows all of the files that have been recently edited on your computer. There is likely to be unfamiliar files without icons – these are likely temporary files and are not a cause for concern.A screenshot of recently modified files in Windows
  6. You can sort items by the date that they were last modified by clicking the Date Modified box at the top. If this is not visible to you, Right Click the column headers and select Date Modified from the drop-down menu.
    A list of all of the shorting methods in Windows File Explorer 

How Do I Check Internet Browsing Activity On My Computer?

Each web browser (Chrome, Firefox, Opera, Internet Explorer, Edge, etc) comes with its own internet browsing history. This can often be accessed by launching the program and pressing CTRL + H to bring up the browsing data of your device. 

Unfortunately, if you or another user were browsing in a private browsing mode such as Chrome’s Incognito mode or Edge’s InPrivate mode you will not be able to see internet browsing activity from that time period using this method.

Fortunately, there are tools for monitoring computer activities that can track web browsing history even when private browsing modes are used.

Use BrowseReporter to Check Application Usage and Web Activity

BrowseReporter overview dashboard

CurrentWare’s BrowseReporter is a computer monitoring software that can be used to monitor activity on your own computer or another computer in your network. BrowseReporter is a powerful employee tracking software for monitoring how employees use the internet and computer applications in the workplace.

BrowseReporter can track these computer activities:

  • Internet Browsing: Monitor all websites that are visited, even when private browsing is enabled.
  • Bandwidth Monitor: Bandwidth usage can be logged to troubleshoot slow internet connections and discover bandwidth abuse in the network.
  • Application Use: BrowseReporter can be used to track Windows applications.

The fastest way to track web and application activity on your computer will be to perform a standalone installation of CurrentWare by installing BrowseReporter, the CurrentWare server, the CurrentWare console, and CurrentWare client on the same device. 

How To Monitor Activity On Another Computer With BrowseReporter

BrowseReporter app and website activity log with block status and time zone

If you would like to use BrowseReporter to monitor another computer, you can do so by installing the CurrentWare client on each computer that you would like to track. If you’d like to give it a try before purchasing a license, you can track internet activity for free with a 14-day trial. 

If you will be managing multiple devices you will benefit greatly from the included central console as it allows you to manage all of your devices remotely rather than checking each computer manually.


Improve Employee Productivity With CurrentWare’s Employee Monitoring Software

BrowseReporter gives us exactly what we needed. I can easily see exactly what sites people are visiting, when they visit them, and how long they stay there.

Ready to get advanced insights into how your employees spend their time? Reach out to the CurrentWare team for a demo of BrowseReporter, CurrentWare’s employee and computer monitoring software.

  • Improve Productivity
    Track unproductive web browsing and idle time to detect time-wasting
  • Save Time With Intuitive Reports
    User-friendly reports make it easy to understand employee computer activity
  • Enhance Visibility
    See how employees spend their time—even on Terminal Server and Remote Desktop Services!

How to See When Apps/Websites Were Last Used

Software usage tracking dashboard showing active time, idle time, user data, and last used time

BrowseReporter’s internet and application usage dashboards allow you to readily view each users’ last accessed time for specific apps/websites for greater insights into recent activity and resource usage

How to Use This Feature

Software Asset Management

Monitor web and application utilization rates to uncover opportunities to optimize software spend by decommissioning or consolidating underutilized tools

Monitor Productivity & Time Management

See how much time is spent on different apps/websites and identify any distractions or inefficiencies

Optimizing Device Performance And Storage

Find out which apps/websites are used frequently and which ones are rarely or never used; uninstall or disable underused tools to free up space and resources on your device

Cybersecurity & Liability

Check if any apps/websites have been accessed by users that should not be able to, or if users are accessing sensitive apps/websites at anomalous hours

How Do I Check USB Device Usage On My Computer?

Checking USB device history is incredibly useful for performing a digital forensics investigation. If you are running a business it can be helpful to see USB activities on your network to collect evidence of illicit data transfers and the use of unauthorized devices by your employees.

If you are monitoring USB activities on a standalone machine and you do not need real-time alerts or detailed file transfer history, you can use Windows Event Viewer to view events where USB devices have been connected and disconnected from the computer.

If you would like more detailed information about how USB devices are used on your endpoint devices, you can use AccessPatrol for monitoring computer activities such as portable storage file operations and device usage history.

AccessPatrol’s USB tracking features

Hey everyone, this is Dale here. I am the Digital Marketing Manager for CurrentWare.

In today’s video, I’d like to show off the new USB activity dashboards introduced to AccessPatrol in version 7.0.

These dashboards provide a convenient overview of the peripheral device usage of your entire workforce as well as specific groups or users—all from the convenience of a web browser.

They work in tandem with AccessPatrol’s device control features and USB activity reports to protect sensitive data against the security risks of portable storage devices.

Today’s video is just a sneak peek of what AccessPatrol is capable of; as time goes on you can expect to see further enhancements and data points added to these dashboards.

At this time, AccessPatrol can track activities from the following peripherals:

  1. Portable storage devices such as USB flash drives, external hard drives, optical discs, tape drives, and SD cards
  2. and Mobile devices including smartphones, PDAs, and tablets

This device usage data is used to populate various graphs across AccessPatrol’s dashboards. You can further refine how granular this data is by limiting the time frame, selecting only specific groups, and even investigating individual users.

Having these metrics available at a glance makes detecting potential insider threats far more efficient as your organization scales. 

Any groups or users that need to be reviewed further can be investigated using the more granular dashboards and AccessPatrol’s device activity reports.

For a more proactive approach to insider threat management you can set up targeted alerts that will notify designated staff members when these high-risk activities occur. 

For the most up-to-date information on AccessPatrol’s activity tracking and data loss prevention capabilities, visit our knowledge base at CurrentWare.com/Support or visit the AccessPatrol product page at CurrentWare.com/AccessPatrol

 In the overview dashboard you can review the following metrics:

  • File Operations that happened over the selected time period, including the number of files that have been copied/created, the number of files that have been deleted, and the number of files that have been renamed/saved as.
  • Overall Device Activities, with a breakdown of how many of the peripherals were authorized and how many were blocked from use.
  • The Top 5 File Types graph shows the most common file types that are copied/created or deleted to and from portable storage devices
  • The Top 5 Device Types graph shows the most common classes of peripheral devices that are blocked and allowed
  • The Top 5 Files Operations graph shows which groups or users have the greatest number of files that have been Copied/Created and Deleted to and from portable storage devices
  • The Top 5 Devices Activities graph shows which groups or users have the greatest number of Blocked and Allowed devices.
  • And finally, The Activity Log provides access to the raw data, with controls to show and hide certain columns, filter and sort data, conduct searches, and export the data to an Excel spreadsheet or PDF. Each dashboard has their own Activity Log with columns that are relevant to that specific dashboard.

Moving on to the Files Dashboard you will see…

  • A timeline of file operations that shows the relationship between the various operations over the course of the selected time period. This can be used to search for patterns in anomalous device usage, such as peaks in file transfers outside of regular operating hours.
  • You will also see graphs with the Top File Types Copied/Created to internal hard drives and external devices
  • Below that, we have graphs that show the users or groups that have Copied/Created or Deleted the most files
  • And, just like the overview dashboard, there is an Activity Log with the raw data.

Finally, we have the Devices Dashboard

In this dashboard, we have…

  • A device activities graph that shows a timeline with the number of allowed and blocked devices each day. This can be further refined to show an hourly breakdown of a specific day so you can find out what time your users were attempting to use blocked devices. 
  • Next, we have graphs with the users or groups that have the most allowed and blocked devices activity over the selected time period. 
  • Scrolling down to the Activity Log, we can use the sorting controls to take a closer look at the users that have been attempting to use unauthorized peripherals.

As you can see, we have specific users that are repeatedly trying to use devices that have not been approved for use by the organization.

While this could just be an accidental oversight on the user’s part, there’s a risk that it’s something much more serious. 

For example, what if this is actually a disgruntled employee trying to steal trade secrets or sensitive customer data so they can bring it to a competitor, or worse, sell it to cybercriminals on the dark web.

Between the costs associated with a damaged reputation, fines, loss of competitive advantage, and remediation, a data breach like this could completely ruin a company.

Before we confront this employee or send them for retraining, let’s investigate this incident further so we can make an informed decision.

Clicking on this user, we’ll be taken to a dashboard that focuses exclusively on their activity. 

Looking at the Devices graph we can see that they have made multiple attempts to use blocked devices. 

Scrolling down, we can see that they’ve been trying to use unauthorized portable storage devices.

Since AccessPatrol is currently blocking any devices that are not explicitly allowed, I know that the only way sensitive data is leaving through a USB drive is if it’s a device that we’ve allowed before. So, let’s take a closer look at how they’ve been using their approved devices.

As you can see here, the types of files that they are transferring are more than capable of containing sensitive data; let’s take a look at the file names for more details.

With the Activity Log we can use the filters, sorting, and column options to isolate our view to the entries we’re the most interested in. 

Once we find something that looks off, we have more than enough information to confront this employee and take any necessary corrective actions.

Ready to protect your sensitive data against theft to USB portable storage devices? Block and monitor peripheral device usage today with a free trial of AccessPatrol, CurrentWare’s USB control software.

Simply visit CurrentWare.com/Download to get started instantly, or get in touch with us at CurrentWare.com/Contact to book a demo with one of our team members. See you next time!

  • USB Activity Dashboards: Review aggregate and granular USB usage data of your entire workforce including USB file transfers and attempts to use blocked devices.
    Graph of an hourly timeline showing blocked vs allowed USB devices
  • File Operations History: Generate reports on files that are copied, modified, created, and deleted to USB devicesaccesspatrol USB file operations history activity log
  • Devices Accessed: Track USB device history to see devices that have been connected to the computerAccessPatrol allowed vs denied USB device report with a list of storage devices listed

Email alerts can be configured in AccessPatrol to generate real-time alerts of USB device usage and file operations on the endpoints in your network. 

Conclusion

There are a wide array of use cases for monitoring computer activities in your network. With the tips listed in this article, you will be able to track web browsing history, determine if someone has been using your computer, investigate employee data theft, and track logon events.

Sai Kit Chu
Sai Kit Chu
Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.