How To Find Out If Someone’s Secretly Been Using Your Computer

4 years ago

May 27, 2020 at 1:30 am

Now that we’re all sharing at-home working spaces with roommates, friends, and loved ones, it’s worth thinking a bit more about the security of your laptop or desktop computer. It can feel like a bit invasion of privacy when someone else uses your computer without your permission, especially if you suspect they’re doing it for malicious reasons.

If you believe that a snoopy roommate, sibling or partner is accessing your computer without your permission—for any reason—here’s how you can find out, and get back a bit of your privacy.

How to find out what someone else has accessed on your computer

Before you confront the person you think has been using your computer, you should take a few moments to gather some information. If someone has been messing around with your machine, it may be helpful to know more about what they were doing. This includes checking for logged events, recently opened apps and documents and browser history.

Check for logged events on your PC

You can use Windows Event Viewer to get a sense of any activity that happened while you were away from your computer. To get started, click on the Start button and begin typing “Event,” then select Event Viewer when it pops up. Once you’re there:

Toggle open Windows Logs on the left pane.
Left-Click on “System,” and then look for the right-sidebar option to “Filter Current Log.” This allows you to isolate down to specific events, event types, and times.
In the “Logged” dropdown, select “Custom range…” and then “Events on” in the drop-down menu to narrow the search window to when you think your machine was accessed. Select OK.
From here, you can hit OK to simply browse all events—or you can filter by specific event IDs or task categories.

Generally speaking, you won’t understand what most of these events mean, and that’s OK. What’s more important is whether a ton of events appear during a time when you knew your computer was powered off. If so, it’s possible it might have been used—something you can also check by clicking on “Applications and Service Logs” in the left-hand sidebar, and then Microsoft > Windows > Diagnostics-Performance > Operational. From there, look for Event IDs 100 and 200 to see when your system powered up or shut down.

Check for logged events on your Mac

Mac users have a handy little way to see when their displays have powered on and off, which gives you a clue as to whether someone has been using your system while your away. (Unless, of course, your dog or cat bumped your Magic Mouse. We can’t help you with that.)

To get started:

Open Finder and click on the “Go” menu, and then select “”Go to Folder…”
Enter /var/log and click “Go”
Find and double-click on the “powermanagement” folder
From here, you’ll see a set of .ASL files named by specific dates. Open one up for the date you’re curious about.
In the Console that appears, click on the search bar, type display and press Enter.

You’ll now see a list of times when your display turned on and off. If you were out of the house or know your Mac was (supposedly) powered off at the time, that could be a clue that someone was trying to access your system. It’s also a great reminder that you should always lock down your Mac with a strong password.

Check your documents and applications for recent activity

If you’re on a PC…

Open File Explorer and look for the “Quick Access” section, which should show you recent files that were opened up on your system. You can also navigate around your document and download folders to see if any files were modified at odd times—or just run a simple *.* search in the folder and check file-modification times that way. Additionally, most apps will give you a list of recently opened files. Pull up some common ones (Word, Excel, VLC, Photoshop, et cetera) to see if anyone has been snooping around.

If you don’t want to spend time poking around in program menus, you can use freeware utilities like ExecutedProgramsList and LastActivityView that compile and display information about when files and apps were last opened as well as other activities executed on your machine (such as logons and folder views).

For Mac users…

Click the Apple icon in the upper left corner of the menu bar and hover over Recent Items. This will show you the 10 most recently opened apps, documents, and servers.

Next, open Finder, click Go in the menu bar and hover over Recent Folders to see recently accessed folders and disks. You can also open a Finder window and secondary-click on the “Name / Date Modified / Size / Kind” columns to add “Last opened” dates and times—a handy way to see if someone has tried to look at your files while you’re away.

Check your browser history

Most web browsers make it pretty easy to view your browsing history (assuming someone accessing your system hasn’t cleared it, which may be a clue in itself). In Chrome, for example, click on the triple-dot icon in the upper-right corner and select “History.” You’ll see recently visited and recently closed pages, or you can click on the “History” link to view everything.

These steps are similar in Firefox and Safari—and in most browsers, hitting CTRL+H should be all you need to do to pull up your history (or Command+Y on a Mac, or Command+Shift+H, et cetera).

Now that you have a decent sense of how to figure out if someone has been sniffing around your PC, let’s go over a few steps you can take to lock it down.

Update your password (and, you know, use one)

Your computer password is your first line of defence against intruders. If your machine isn’t password-protected, set one up right now with our guide to help you create a secure password.

If you already use a password for your computer but have shared it widely with people you live with—or if you haven’t upgraded your login credentials from something that’s easily guessable—go ahead and change it to something better. Heck, if you even have the slightest suspicion someone might be accessing your computer when you aren’t home, change your password. Use something unique that you don’t use anywhere else and, of course, something that isn’t easily guessable by those you live with.

Remember to lock your screen

Make sure you’re locking your screen every time you step away from your computer. When you do, you (or the snooper) will have to reenter your password to log back in—an easy method to keep people off your system that don’t know your credentials.

On a PC, the quickest way to lock your screen is to hit the Windows Key + L on your keyboard. On a Mac, the shortcut is Control + Command + Q. (As an extra precaution, make sure your Mac is set to require a password immediately after going to sleep. You’ll find this option under System Preferences > Security & Privacy.) You can also adjust how long your Mac will sit idle before going to sleep under System Preferences > Energy Saver.

Install anti-theft apps or cameras

If you want to catch a computer spy in the act, you’ll likely need a third-party app to really figure out what’s going on.

We like Do Not Disturb for Mac, which notifies you any time someone messes with your hardware. You could also go all-in on anti-theft software like Prey, which comes with loads of features to track and lock your machine if it’s snooped or stolen.

Finally, consider setting video surveillance (hidden with a good view of your machine) to get your snooper on record. Use a cheap security camera with motion alerts, make your own DIY camera using Raspberry Pi or turn your machine’s webcam into a security cam with an app like iSpy.

Of course, protecting your computer and your data from digital snoopers is a whole different topic. Use these tips to secure your hardware, then make sure you’re properly protecting yourself with antivirus and anti-malware.

This article was originally published in 2012 by Whitson Gordon and updated in April 2019 by Emily Long and David Murphy. We significantly revised the article to add additional tips and links to new third-party apps, rewrote portions of the article to clarify new instructions, and changed (or inserted) screenshots. We have left Whitson’s byline on the article as attribution to his original work, thoughts, and ideas.

Does Electrical Muscle Stimulation Really Supercharge Your Workouts?

Use the ‘FlyLady’ Method to Make Routine Cleaning Less Overwhelming

If Your Galaxy Notifications Are Messed Up, Here’s the Fix

When Will There Be an Oscar for Best Stunts? The Fall Guy Team Weigh In

Throw a ‘Packing Party’ to Declutter Your Home

Here Are Amazon Australia’s Best Deals of the Week

TPG Has Changed the Prices for Almost All of Its NBN Plans

Wrap Me in ALDI’s $30 Heated Winter Travel Blanket

JB Hi-Fi Is Clearing Out Games For As Little As $2

Amazon Australia Beauty Week Sale: 24 of the Best Products to Shop