# finding computer history



## twinklebat (Aug 14, 2009)

I accidentally forgot to turn off the computer I have sensitive information stored in a public place while I went away for a while, and I'm worried in case I was compromised. (And I've been beating myself up over it, as I should.) I left open an unsaved notepad file and a blank message page on my email (gmail). Is there a way to find out computer history, such as what programs or websites were opened, what files have been copied to a connected flash drive if any flash drives had been plugged in? Or find out if my email has been compromised? And everything else I have failed to think of.

Edit: I've also set Firefox to private browsing version. I also have bluetooth.


----------



## Stephen Bowles (Jan 28, 2011)

Yes and no.

In the case of the notepad document that was left opened, it is almost impossible to tell if someone read it. If they altered it or something, you can tell, because you can read it and see if anything has changed. You can also right click and go to properties, to see the last time it was modified/saved, if it happened when you was away, it means someone made some change and saved it.

----

If someone used your Firefox browser, but it is on private or something, then this shouldn't create any logs for you to find, so again, difficult to tell if anyone has been browsing on your system (I don't used Firefox, this assumes private browsing version means it creates no internet history logs, etc.).

----

For your e-mails, just look in your sent file or deleted files, see if anything was deleted or sent. If you received e-mails whilst you was away but didn't look at them, they should be unread, are they still unread? If not, someone had a read of them.

----

You can take a look in your start menu, to look at programs listed there. However, if you already had programs listed there when you went away, it probably wouldn't help you much (unless a strange program is listed there that you never use).

----

In your start menu, there might be something there for "Recent Items". This will show you recently opened items. 

If it is not there, open your start menu, right click on it, and click properties. In the Start Menu tab, click Customize, find the "Recent Items" check box, click it, then click ok on both windows. "Recent Items" should now be on your start menu, if it was keeping a log, it should show you recently opened items.

This will only work if the open to store recently opened items was on.


----------



## sobeit (Nov 11, 2007)

most likely there should be no problems. If you are concern about any accounts you access during that session, then just change the passwords. As far as a log, you said it was a public terminal so you can ask the owner and see if they save logs. Without knowing the security and setup setting the computers have, there is no way to advise about logs. Most likely there are none.


----------



## twinklebat (Aug 14, 2009)

Re Stephen Bowles: Thanks. I, uh, deleted the notepad file without saving it, so I don't think there's going to be a way now to check...

Yeah, those are my Firefox settings. So in case someone copied the text in the notepad file to their email... (I'm getting all paranoid, I know, but expect the worst, right?)

Oh no. 

Re sobeit: Sorry, I should have been clearer. I used my computer in a public place, not used a public terminal.


----------



## sobeit (Nov 11, 2007)

since it is your computer you can do an advance search for files modified and search the date. Then you can sort the search by time. If you know the time you were gone, you can see what files were changed during that period. You cannot get on a computer without some file being modified, changed or created - especially if going online. by knowing the file names you MIGHT be able to guess what happened during that time.


----------



## Proxyman (May 30, 2011)

Check Event Viewer at the time. There might be something there. Probably not.


----------

