Security Windows

4 Ways to Tell If Someone Was Snooping on Your PC

Philip Bates Updated 14-12-2019

You can take precautions against others using your PC, but sometimes, you don’t think it’s necessary. You can trust your family and friends. And the people you work with won’t snoop on your online activities.


Yet things aren’t right. Your laptop isn’t where you left. Your desk is a mess.

Has someone secretly used your PC? What have they been looking at? Nearly everything you do leaves some kind of trace on a computer. You just need to know where to go in order to find that evidence.

Knowing where to start can drastically reduce the amount of time it takes to find the culprit. Here’s how you can tell if someone logged into your computer without your permission.

1. Check Recent Activities

Microsoft Office recent files

You should already know how to look at recently opened files. Windows introduced this as an easy way to go back to whatever you’ve been working on or looking at. It’s especially handy if you’re adding an attachment to an email or uploading to a blog. But you can also use this feature to check if someone else has been accessing your files.


Just head to the File Explorer by either opening Documents, This PC, or pressing Windows key + E. At the top left of the menu, click on Quick access. You’ll be able to see what’s been opened, so look for anything you haven’t accessed yourself.

Alternatively, you can check files opened in individual apps How to View Any App's Recent Files in Windows 10 Windows 10 includes powerful search features, but did you know that you can see recent files created by a program without even opening it? Read More . If you think someone’s snooped on a PowerPoint presentation you made, check Recent in that program.

2. Check Recently Modified Files

However, anyone can wipe recent activity from your machine. Just left click on Quick access > Options > Clear File Explorer History. If your recent activity has been deleted, this is at least a sign that someone has used your PC. But how can you tell what folders they’ve opened?

Navigate back to File Explorer then type “datemodified:” into the search field at the top right. You can refine by a date range. It’s probably most useful if you click on Today, but you can go back a whole year too.


You’ll see a list of files that have been accessed—as long as something was changed. Let’s hope you’re lucky enough that your PC automatically saved an item while the snooper was at work. Check the times listed and narrow down when you were away from your device.

3. Check Your Browser History

Okay, everyone knows you can easily delete your browsing history How to Delete Your Google Chrome History Do you wish you could wipe your Google Chrome search history and start with a clean slate? Luckily, it's both possible and easy to do! Read More . But if someone used your PC in a hurry, they might’ve forgotten this step.

Google Chrome has the biggest market share, so it’s most likely that whoever went on your computer used that. Click on the vertical ellipsis in the top right corner then History and see if anything’s amiss.

Don’t rule out other browsers though. If your PC has Edge, go to the ellipsis then Favorites > History. You can use a similar method if you still have Internet Explorer installed. Firefox users should click on the menu, followed by History > Show All History.


4. Check Windows 10 Logon Events

You want to know if someone else has accessed your PC, but the simple methods are yet to bear fruit. Fortunately, you can delve deeper into your computer for further evidence.

Windows 10 Home automatically audits logon events—meaning it takes a note of every time you log into your device. So how can you check it? And once you’ve found the log, how can you interpret any meaning from it?

Windows Logs for logon audits

Search for Event Viewer and click on the app. Go to Windows Log > Security. You’ll see a long list of activities, most of which won’t make much sense to you unless you know Windows ID codes well.


Event Viewer Windows 10 shows logon audits

The one you need to look out for is “4624”, which records as a “Logon”. “4672” means “Special Logon”, which you might see in conjunction with a standard logon. This indicates an administrative login. “4634” will be listed when an account logs off your PC.

Logon Windows 10 Log Security

It might be difficult to spot these codes, but you can narrow it down by using the Find… feature in the Actions menu to the right.

If you know a time you were away from your computer, you can either scroll through the log or use Filters. Go to Actions > Filter Current Log then use the dropdown menu under Logged.

Click on any individual log to find out more details, including which account signed in. This is useful if you think someone has used your PC but not your system.

How to Enable Logon Auditing on Windows 10 Pro

The Home version of Windows 10 audits logons by default. However, the Pro version could require some tinkering.

Access the Group Policy Editor by searching for “gpedit”. Next, go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy > Logon Audits. You need to select Success and Failure in order for it to register successful and unsuccessful login attempts.

After you’ve done this, you can check the audits for future reference by using the aforementioned method via Event Viewer.

How to Stop Others Using Your Computer

How can you stop others accessing your PC? Firstly, you can ask. You might be questioned about why it bothers you, but if it’s your own property, it’s your right.

The most important thing is to create a strong password for your account. Make sure it’s not predictable. Don’t write it down anywhere. And whenever you leave your desk, press Windows key + L. It’s one of the best ways to lock your PC The 6 Best Methods to Lock Your Windows PC Locking your computer is essential in preventing unattended access. Here are several great ways to do so in any version of Windows. Read More and make certain no one can snoop on your activities.

Image Credit: undrey/Depositphotos

Related topics: Computer Privacy, Computer Security, System Monitor.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Amit
    April 10, 2019 at 6:51 am

    I want app that when Somone try to access my laptop password while is on lock mode or touch any keypad web cam take video or take capture of that person.

  2. Pat
    March 22, 2019 at 3:50 pm

    Harder to detect someone using the file explorer and accessing a shared drive on your computer when connected to the network.

    Hint: backslash backslash {computer ip or name} backslash c dollar sign backslash

  3. dragonmouth
    March 18, 2019 at 6:23 pm

    "2. Check Recently Modified Files"
    Windows updates/creates hundreds of files every day even without any users being logged on. So looking at modified files to discover unauthorized access is an exercise in futility.

  4. Helene
    October 4, 2018 at 9:04 pm

    Thanks I will try tomorrow as my laptop is locked in the office ;
    If someone doesn’t have the pasword or logs in as administrator by copying the files, can we find it out?

  5. evan
    July 5, 2016 at 1:33 am


  6. George
    April 24, 2015 at 10:14 pm

    I'm suspecting one of the users are using folders that are not assigned to them on my PC, Is there a way to see what folders user viewed? Can this be found from server log file? On server MS SBS Standard 2011.

  7. shezar maghrougali
    February 18, 2015 at 7:04 am

    Sometimes when I shot down my computer, it shows me a message "Somebody is logged on your computer. Do you want to continue?"
    My question: How can I find out who is logged on my computer?

  8. Alex
    December 31, 2014 at 7:11 pm

    Unless they deleted it on the way out check the C: drive users folder and there you will find any file that was created the moment they logged in and when the file was last modified.

  9. jeber
    September 26, 2013 at 4:09 pm

    use keylogger,
    then make it superstealth, haha

  10. Obama
    September 11, 2013 at 2:00 pm

    Hello dixygirl... restore event will be captured by windows... I don't think the log files get overwritten because of system restore :p

    September 11, 2013 at 1:28 pm

    You could use a Linux live cd or usb drive if you need to use the computer but don't want to leave traces of your activity.

  12. dxraygirl
    September 9, 2013 at 3:50 pm

    all good unless they ran "restore" to before they logged into the system. Then what?

  13. samrocky
    September 9, 2013 at 9:06 am

    its difficult to understand but its cool brother.thanks.........

  14. fosscoder
    September 6, 2013 at 5:34 pm

    Nice Article, Ryan Dube. If you don't mind I more like to tell you a most common place to look just in case if the user is suspicious that his/her PC has accessed by someone. Here is the step to check. Go to RUN -> Type "Recent" and the user can see all the files that have been opened.
    [Broken URL Removed]

    • Peter Shaw
      March 30, 2019 at 5:00 pm

      Not on my laptop!!

  15. Danny
    September 5, 2013 at 10:55 pm


    I stumbled across your page by accident and I am no tekkie. But I think a very quick and simple check for computer activity is to open Explorer and do a file search on C drive(or all drives individually) using the wildcard only for the file name and the day you want to search on to see if any files were changed.

    Also you can go to:

    C:Documents and SettingsuserLocal SettingsHistory

    and click on "Today", then click on my "My Computer" and you will see all the files that were accessed, and they too will be time stamped.

    Could you not also install a key logger as a preemptive strike?

  16. Nairuz
    September 3, 2013 at 2:32 pm

    I have followed all the steps to receive notifications to my email but did not work for me . I used this argument" -f -t -u Someone Logged Into Your Computer -m Someone just logged into your computer! -s -xu -xp password -o tls=yes"

    why cannot get the notification to me email and is there another way to receive notifications to my email aside from ispy

  17. Joe F
    September 2, 2013 at 5:03 pm

    Nice overview of basic security checks!

  18. shaun wray
    September 1, 2013 at 10:12 am

    very interesting,very useful

  19. dragonmouth
    August 31, 2013 at 1:39 am

    A naive question perhaps, but wouldn't the login stop unauthorized use?

    If you freely share your userid/password then you deserve all that happens. OTOH, if my room mate is a hacker then I do what Minnesota Fats had his boys do to Fast Eddie Felsen, I break his fingers.

    • Ryan Dube
      August 31, 2013 at 2:40 am

      A login can - but in situations like a household, some people don't actually enable password login (I know, crazy right?)

      There's also the situation where you've walked away from your computer and someone has jumped on it before the screensaver lock kicks in - things like that.

  20. BLord
    August 31, 2013 at 1:05 am

    Great post, RD. Keep it thorough.

  21. daf
    August 30, 2013 at 2:59 pm

    in your photo for this article you have a mac but the article is only about windows. do you have the same info for mac too?

    • Ryan Dube
      August 31, 2013 at 2:38 am

      No - but thanks to your comment we may have just such an article in the works. :-)

  22. Wilfredo Jr. D
    August 29, 2013 at 11:53 pm

    Very useful info sir!

  23. Akshay G
    August 29, 2013 at 6:38 pm

    Or,one can use a key-logger/screenshot service. Although they are extreme measures,they are extremely effective tools to nab people who go thru personal data/do illegal activities in your laptop.

  24. Tony Bze
    August 29, 2013 at 5:12 pm

    Can you have this document in PDF available, plz. Thanks.