How Do I Check Recent Activity On My Computer?

two people checking their computer activity together

This article will be answering this common question: “how do I check recent activity on my computer?”. I will show you how to review recent activities using apps that come included with Windows as well as CurrentWare’s employee and computer monitoring software solutions.

Checking recent activity on your computer allows you to see how the devices in your network have been used, allowing you to investigate suspicious activity such as web browsing and changes to files during periods where nobody should have been accessing the PC.

Software to Check Recent Activity on Employee Computers

Hello! Today I will be showing you all of the solutions available in the CurrentWare Suite. Each solution can be purchased individually for the greatest flexibility or as a bundle for the best value.

The CurrentWare suite can monitor and manage remote, on-premises, and hybrid users, making them ideal tools for managing the productivity and security of a remote workforce.

Alright, let’s get started.

With the CurrentWare web console you can manage policies, review dashboards, and run user activity reports from the convenience of a web browser.

Your CurrentWare solutions are installed and managed by your company either on-premises or on a virtual machine hosted by a cloud service provider of your choice, giving you full control over your data.

CurrentWare is also a Citrix-ready partner, making Windows VDI deployments simple for your organization.

The CurrentWare Suite includes:

AccessPatrol: Device control software
BrowseControl: Internet filtering software
BrowseReporter: Employee computer monitoring software
And enPowerManager: Remote PC power manager

Each solution allows you to apply unique policies for each group of users or computers. These policies will be enforced even when the computers are disconnected from the network.

Let’s start with AccessPatrol

With AccessPatrol you can:

Use the USB activity dashboards to monitor how portable storage devices and other peripherals are being used in your organization
Restrict a variety of peripherals including USB storage devices, phones, and Bluetooth
Add approved peripherals to an Allowed List
Get device activity reports on-demand, at a set schedule, or when specific events occur
And Block file transfers to USB devices based on file name or extension

With BrowseControl you can:

Control internet access based on URLs and content categories
Schedule unique allow or block lists
Prevent users from launching specific applications
And block network ports

Let’s move on to BrowseReporter

With BrowseReporter you can:

Use the computer activity dashboards to track metrics such as productivity, web browsing, application usage, bandwidth consumption, and active vs idle time of your entire workforce, specific groups, or specific users
You can generate user activity reports on-demand, at a set schedule, or when specific events occur
Capture screenshots of your users’ desktops
And schedule activity tracking to stop monitoring your users at designated off-hours times such as breaks.

Finally, with enPowerManager you can:

Generate reports on computer power states and logon-logoff times
Start up, shut down, restart, standby, and hibernate computers on a set schedule or on-demand
Configure advanced power policies for mobile computers
And provide your end-users with a warning message before their computers shut down

If you would like to try out CurrentWare for yourself you can instantly get a free trial at CurrentWare.com/Download or book a demo with our sales team at CurrentWare.com/Sales

This video is current as of version 7.0, which was released in February 2022. For the most up-to-date information on the latest features please visit our release notes at CurrentWare.com/support/release-notes/

Need to monitor computer activity on another computer? With CurrentWare’s employee computer monitoring software, monitoring computer activities is as easy as installing the solution on your employee’s computers and running reports on their computer activity from a convenient central console.

Track web browsing including time spent on each site, the exact URL, the web page title, and more
Monitor application usage to see who is playing games or using unauthorized software
Track idle time to see how active your employees are on their computers
Monitor bandwidth usage to see who is slowing down the network with Netflix, Twitch, and Sports streaming

Get My Free Trial

Chat With CurrentWare

How Can I Tell if Someone Has Used My Computer?
How Do I Check Internet Browsing Activity On My Computer?
How Do I Check USB Device History On My Computer?

How Can I Tell if Someone Has Used My Computer?

If you are concerned that someone else has been using your computer, Windows includes free tools that you can use to check recent activity on your computer. If you discover events that occurred when you were not using your computer, it could be an indication that your computer was used without your knowledge.

Use Windows Event Viewer to Check Computer Events

Note: When you view the logs in Windows Event Viewer you are likely to see a few event logs of errors that have occurred on your machine. This is completely normal and not an immediate cause for concern if your machine is otherwise running smoothly – the application records every event on your computer, including minor start-up and processing errors that have likely resolved themselves.

Windows Event Viewer is a utility that comes included with the Windows operating system. It’s intended to be used by system administrators to view event logs on local and remote machines, but it can also tell you when your computer has been turned on. If your computer has been turned on when you were not using it, that could mean that someone else was using your computer.

Press the Windows key on your keyboard – the Windows symbol is found in the bottom-left corner of most keyboards, between the CTRL and ALT keys.
Type Event – this will highlight Event Viewer in the search box
Press the Enter key to launch Event Viewer
Double-Click Windows Logs in the left-hand pane
In the drop-down menu below Windows Logs, click System
In the right-hand pane click Filter Current Log
This will bring up the Filter Current Log pop-up menu. Click on the Event sources drop-down menu and scroll down until you see Power-Troubleshooter.
Click the box next to Power-Troubleshooter, then click anywhere in the gray area in the Filter Current Log window to close the menu.
Click the OK Button.
In the center window you will now see all of the times that your computer has been turned on. If you did not turn on the computer for one of the events listed, someone else may have been using your computer.

If you are using Windows 10 Professional, you can also enable auditing of logon events in the Local Group Policy Editor. This will allow you to track which user accounts log in to your Windows devices.

If you would like to audit logon events for multiple computers, you can use enPowerManager’s logon/logoff tracking report for monitoring these computer activities at-scale.

enpowermanager's user logon history report with timestamps of when employees log in and out each day

Get My Free Trial

Chat With CurrentWare

How to View Recently Edited Files

Viewing recently edited files on your Windows machine will allow you to see what files were opened on your computer. If you find files that were recently modified when you were not using your PC, this could mean that someone else was on your computer.

Press the Windows key on your keyboard – the Windows symbol is found in the bottom-left corner of most keyboards, between the CTRL and ALT keys.
Type Run – this will highlight the Run application in the search box
Press the Enter key to launch the Run application
In the box that pops up, type in Recent
This will bring up a window that shows all of the files that have been recently edited on your computer. There is likely to be unfamiliar files without icons – these are likely temporary files and are not a cause for concern.
You can sort items by the date that they were last modified by clicking the Date Modified box at the top. If this is not visible to you, Right Click the column headers and select Date Modified from the drop-down menu.

How Do I Check Internet Browsing Activity On My Computer?

Each web browser (Chrome, Firefox, Opera, Internet Explorer, Edge, etc) comes with its own internet browsing history. This can often be accessed by launching the program and pressing CTRL + H to bring up the browsing data of your device.

Unfortunately, if you or another user were browsing in a private browsing mode such as Chrome’s Incognito mode or Edge’s InPrivate mode you will not be able to see internet browsing activity from that time period using this method.

Fortunately, there are tools for monitoring computer activities that can track web browsing history even when private browsing modes are used.

Use BrowseReporter to Check Application Usage and Web Activity

CurrentWare’s BrowseReporter is a computer monitoring software that can be used to monitor activity on your own computer or another computer in your network. BrowseReporter is a powerful employee tracking software for monitoring how employees use the internet and computer applications in the workplace.

BrowseReporter can track these computer activities:

Internet Browsing: Monitor all websites that are visited, even when private browsing is enabled.
Bandwidth Monitor: Bandwidth usage can be logged to troubleshoot slow internet connections and discover bandwidth abuse in the network.
Application Use: BrowseReporter can be used to track Windows applications.

The fastest way to track web and application activity on your computer will be to perform a standalone installation of CurrentWare by installing BrowseReporter, the CurrentWare server, the CurrentWare console, and CurrentWare client on the same device.

Get My Free Trial

Learn More

How To Monitor Activity On Another Computer With BrowseReporter

BrowseReporter application activity by hour dashboard

If you would like to use BrowseReporter to monitor another computer, you can do so by installing the CurrentWare client on each computer that you would like to track. If you’d like to give it a try before purchasing a license, you can track internet activity for free with a 14-day trial.

If you will be managing multiple devices you will benefit greatly from the included central console as it allows you to manage all of your devices remotely rather than checking each computer manually.

Improve Employee Productivity With BrowseReporter

“The employees find the reports to be an extremely helpful self-analysis tool, and use the reports to analyze and reconfigure priorities!”

Ready to get advanced insights into how your employees spend their time? Reach out to the CurrentWare team for a demo of BrowseReporter, CurrentWare’s employee and computer monitoring software.

Learn More

Contact Sales

How Do I Check USB Device Usage On My Computer?

AccessPatrol is a device control software solution that protects sensitive data against theft to portable storage devices.

AccessPatrol keeps data secure by…

Preventing users from stealing data or transferring malicious files with easily concealed USB flash drives
Maintaining auditable records of file transfers to portable storage devices, and…
Triggering real-time alerts when security policies are violated

AccessPatrol’s central console allows you to apply security policies and run reports on your user’s USB activities from the convenience of a web browser.

The security policies are enforced by a software agent that is installed on your user’s computers. This keeps devices restricted and monitored even when the computers are taken off of the network.

Here’s an overview of AccessPatrol’s key features.

Under Device Permissions you can assign unique device control policies for specific groups of computers or users.

AccessPatrol controls a variety of peripherals, including…

Storage devices such as USB flash drives and external hard drives
Wireless Devices such as Bluetooth, Infrared, and WiFi
Communication Ports such as Serial and Parallel ports
Imaging Devices such as Scanners or Cameras, and…
Other Devices such as network share drives, printers, and mobile phones

Under the allowed list you can specify trusted devices that can be used on your computers.

If you need to temporarily lift device restrictions for devices that aren’t on the allowed list, you can use the access code generator.

This allows you to set a time-limited policy exemption for a specific computer. The access code generator does not require internet access to work, making it the ideal solution for travelling users and other special circumstances.

To further protect sensitive data, AccessPatrol allows you to block file transfers based on file names and extensions. This ensures that even allowed devices can’t transfer sensitive data.

AccessPatrol also includes a variety of USB activity reports to help organizations audit data transfers and peripheral device use.

These reports provide insight into…

All files that have been copied, created, renamed, or deleted on USB storage devices, and…
A timestamped device history for each user, including attempts to use blocked devices

AccessPatrol’s reports can be generated on-demand, on a set schedule, or automatically sent to your inbox to alert you of specific events.

Don’t let a preventable data leak ruin your organization. Take back control over portable storage devices with a free trial of AccessPatrol.

Get started today by visiting CurrentWare.com/Download

If you have any questions during your evaluation our technical support team is available to help you over a phone call, live chat, or email.

Thank you!

Checking USB device history is incredibly useful for performing a digital forensics investigation. If you are running a business it can be helpful to see USB activities on your network to collect evidence of illicit data transfers and the use of unauthorized devices by your employees.

If you are monitoring USB activities on a standalone machine and you do not need real-time alerts or detailed file transfer history, you can use Windows Event Viewer to view events where USB devices have been connected and disconnected from the computer.

If you would like more detailed information about how USB devices are used on your endpoint devices, you can use AccessPatrol for monitoring computer activities such as portable storage file operations and device usage history.

AccessPatrol’s USB tracking features

Hey everyone, this is Dale here. I am the Digital Marketing Manager for CurrentWare.

In today’s video, I’d like to show off the new USB activity dashboards introduced to AccessPatrol in version 7.0.

These dashboards provide a convenient overview of the peripheral device usage of your entire workforce as well as specific groups or users—all from the convenience of a web browser.

They work in tandem with AccessPatrol’s device control features and USB activity reports to protect sensitive data against the security risks of portable storage devices.

Today’s video is just a sneak peek of what AccessPatrol is capable of; as time goes on you can expect to see further enhancements and data points added to these dashboards.

At this time, AccessPatrol can track activities from the following peripherals:

Portable storage devices such as USB flash drives, external hard drives, optical discs, tape drives, and SD cards
and Mobile devices including smartphones, PDAs, and tablets

This device usage data is used to populate various graphs across AccessPatrol’s dashboards. You can further refine how granular this data is by limiting the time frame, selecting only specific groups, and even investigating individual users.

Having these metrics available at a glance makes detecting potential insider threats far more efficient as your organization scales.

Any groups or users that need to be reviewed further can be investigated using the more granular dashboards and AccessPatrol’s device activity reports.

For a more proactive approach to insider threat management you can set up targeted alerts that will notify designated staff members when these high-risk activities occur.

For the most up-to-date information on AccessPatrol’s activity tracking and data loss prevention capabilities, visit our knowledge base at CurrentWare.com/Support or visit the AccessPatrol product page at CurrentWare.com/AccessPatrol

In the overview dashboard you can review the following metrics:

File Operations that happened over the selected time period, including the number of files that have been copied/created, the number of files that have been deleted, and the number of files that have been renamed/saved as.
Overall Device Activities, with a breakdown of how many of the peripherals were authorized and how many were blocked from use.
The Top 5 File Types graph shows the most common file types that are copied/created or deleted to and from portable storage devices
The Top 5 Device Types graph shows the most common classes of peripheral devices that are blocked and allowed
The Top 5 Files Operations graph shows which groups or users have the greatest number of files that have been Copied/Created and Deleted to and from portable storage devices
The Top 5 Devices Activities graph shows which groups or users have the greatest number of Blocked and Allowed devices.
And finally, The Activity Log provides access to the raw data, with controls to show and hide certain columns, filter and sort data, conduct searches, and export the data to an Excel spreadsheet or PDF. Each dashboard has their own Activity Log with columns that are relevant to that specific dashboard.

Moving on to the Files Dashboard you will see…

A timeline of file operations that shows the relationship between the various operations over the course of the selected time period. This can be used to search for patterns in anomalous device usage, such as peaks in file transfers outside of regular operating hours.
You will also see graphs with the Top File Types Copied/Created to internal hard drives and external devices
Below that, we have graphs that show the users or groups that have Copied/Created or Deleted the most files
And, just like the overview dashboard, there is an Activity Log with the raw data.

Finally, we have the Devices Dashboard.

In this dashboard, we have…

A device activities graph that shows a timeline with the number of allowed and blocked devices each day. This can be further refined to show an hourly breakdown of a specific day so you can find out what time your users were attempting to use blocked devices.
Next, we have graphs with the users or groups that have the most allowed and blocked devices activity over the selected time period.
Scrolling down to the Activity Log, we can use the sorting controls to take a closer look at the users that have been attempting to use unauthorized peripherals.

As you can see, we have specific users that are repeatedly trying to use devices that have not been approved for use by the organization.

While this could just be an accidental oversight on the user’s part, there’s a risk that it’s something much more serious.

For example, what if this is actually a disgruntled employee trying to steal trade secrets or sensitive customer data so they can bring it to a competitor, or worse, sell it to cybercriminals on the dark web.

Between the costs associated with a damaged reputation, fines, loss of competitive advantage, and remediation, a data breach like this could completely ruin a company.

Before we confront this employee or send them for retraining, let’s investigate this incident further so we can make an informed decision.

Clicking on this user, we’ll be taken to a dashboard that focuses exclusively on their activity.

Looking at the Devices graph we can see that they have made multiple attempts to use blocked devices.

Scrolling down, we can see that they’ve been trying to use unauthorized portable storage devices.

Since AccessPatrol is currently blocking any devices that are not explicitly allowed, I know that the only way sensitive data is leaving through a USB drive is if it’s a device that we’ve allowed before. So, let’s take a closer look at how they’ve been using their approved devices.

As you can see here, the types of files that they are transferring are more than capable of containing sensitive data; let’s take a look at the file names for more details.

With the Activity Log we can use the filters, sorting, and column options to isolate our view to the entries we’re the most interested in.

Once we find something that looks off, we have more than enough information to confront this employee and take any necessary corrective actions.

Ready to protect your sensitive data against theft to USB portable storage devices? Block and monitor peripheral device usage today with a free trial of AccessPatrol, CurrentWare’s USB control software.

Simply visit CurrentWare.com/Download to get started instantly, or get in touch with us at CurrentWare.com/Contact to book a demo with one of our team members. See you next time!

USB Activity Dashboards: Review aggregate and granular USB usage data of your entire workforce including USB file transfers and attempts to use blocked devices.
File Operations History: Generate reports on files that are copied, modified, created, and deleted to USB devices
Devices Accessed: Track USB device history to see devices that have been connected to the computer

Email alerts can be configured in AccessPatrol to generate real-time alerts of USB device usage and file operations on the endpoints in your network.

Get My Free Trial

Learn More

Conclusion

There are a wide array of use cases for monitoring computer activities in your network. With the tips listed in this article you will be able to track web browsing history, determine if someone has been using your computer, investigate employee data theft, and track logon events.

Sai Kit Chu

Sai Kit Chu is a Product Manager with CurrentWare. He enjoys helping businesses improve their employee productivity & data loss prevention efforts through the deployment of the CurrentWare solutions.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description

How Do I Check Recent Activity On My Computer?

Software to Check Recent Activity on Employee Computers

Table of Contents

How Can I Tell if Someone Has Used My Computer?

Use Windows Event Viewer to Check Computer Events

How to View Recently Edited Files

How Do I Check Internet Browsing Activity On My Computer?

Use BrowseReporter to Check Application Usage and Web Activity

How To Monitor Activity On Another Computer With BrowseReporter

Improve Employee Productivity With BrowseReporter

How Do I Check USB Device Usage On My Computer?

AccessPatrol’s USB tracking features

Conclusion

Sai Kit Chu

Related posts

How to Use enPowerManager—PC Power Manager & Employee Login Tracker

Employee Monitoring: A Cost-Effective Way to Survive an Unstable Economy