How to find if the a person has accessed any sensitive  documents from my PC  in my absence

Posted on 2012-09-04
Last Modified: 2012-09-18

I use windows 7 and I forgot to lock my PC and  came after 30 minutes and  i saw my friend using my PC. I had sensitive information on a doc which had all the admin and Network  passwords. Iam bit worried if he had opened this document and viewed during my absence.

Is there a way to find out if he had opened that particular document  during this instant of time.

Question by:lianne143
    LVL 28

    Assisted Solution

    You should be able to check your Recent Items list at the following location:


    Once you have navigated there, sort by the Date Modified column to see which files were accessed most recently.
    LVL 6

    Accepted Solution

    like Run5k says this is the only way.

    But moving forwards what you can do is enable auditing on the folder where you keep all your sensitive documents.  Then maybe look at free SEIM tools so you can correlate these events into meaningful threads.  (this is if you want to go down the best practise route)

    you can then create threads for file access, file edit, file delete and so on.

    So any time there is access it is logged, so even if anyone access it even without you knowing it still logged and you can view.
    LVL 38

    Assisted Solution

    by:Rich Rumble
    The problem in this situation is, you were looking at it, and he/she was using your computer as you, so it'd be very difficult to tell what the other person did and what you were doing, unless your clock/watch is synced well to your computer's clock. And you'd have to know exactly when you stepped away and came back.
    You should note that M$ word/excel create temporary files in the directory they are run from, so someone can copy them when you open a document, and even recover them after you close using an Undelete utility. If you have such data, keep it encrypted in a TrueCrypt folder so that doesn't leave behind such a mess. However while the TC container is open, it looks just like any other drive would so if the person has permission to that folder/drive they could recover or copy the temp file office creates, but when you close that folder/drive no one can see what was there.
    We use physical access to sensitive passwords, which we generate and never use a human memorable one. We have a lock box, 2 keys which remain with 2 people at all times (typically the On-Call persons). You can also use password safes, we use them in case of who knows what. Each person is responsible for their safe, and no passwords are shared. Each person has their own usernames and passwords, but those usernames and passwords are equal in terms of access. We can audit admin-2's use of his high priv account, and admin-3's because we know they have certain usernames, and they maintain the access to their safe. No one knows the domain admin password, it's in the safe, and if that get's lost, we have a lot of recovery to do, but that is the trade off we decided on.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
    This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now