1

My significant other is a lecturer in Social Sciences at a university and today one of their students did not manage to bring a laptop to her class in a class that needed one. She ended up offering the student to use her own. Only later, she realised this was potentially a bad idea from the security and privacy point of view.

To make sure to minimise risks, I tried to check whether there was any cause for concern or if it was just one of many instances of students being students.

As the assignment was all web-based, I checked the web history of the browser. The quantity and quality of the pages visited seem compatible with the student just doing their work.

Besides running the antivirus/security checks (which all return without problems), I tried to take a look on the log files of the computer, but as I haven't owned a Windows computer for over 10 years, I am not sure with the terminology. I checked the security tab of event-log, and the following logs appear during the time the student had the computer:

security event-log for the time the student was using the computer

Here I filtered only for the events of logon, logoff and special logon. Is the presence of such logs cause for concern? Are there other logs I should check? Notice that there were no logoffs during the time period.

Cheers and thank you in advance for the help.

Improve this question
3
  • 3
    I don't think there really is a good answer to this question. in all likelihood, there is no problem at all, but if the logged in user account is an admin, or the adversary had the opportunity to hibernate the OS, they could do a wide variety of nasty (and increasingly unlikely) things. the logs you have found don't indicate any particular problem (services and tasks are always logging in to do this, that, or the other). Look at the programs currently installed to make sure you recognize everything, review system services and scheduled tasks. run your AV. not a lot else you can do.
    – Frank Thomas
    Commented Nov 24, 2021 at 21:32
  • 1
    ProTip: have your SO review their browser history themselves. little good can come from you examining it, whether you have a technical problem or not.
    – Frank Thomas
    Commented Nov 24, 2021 at 21:34
  • Thanks for the help @FrankThomas! Oh, I came a bit too late for your answer @John. Could you give a snippet of the idea?
    – Kernel
    Commented Nov 24, 2021 at 21:49

1 Answer 1

Reset to default
1

It's too late to view a range of things the student might have done. One useful tool would be a registry checker like Regshot, to see all changes to the registry. It will be a massive list though over a single hour of use.

Another method may be to look at the Windows Event Viewer.

There are a host of other software created by Microsoft or open-source that will help monitor your computer, but most need to be implemented before the malicious attack actually happens.

Windows Syson

OSSEC

Tripwire

Improve this answer
2
  • 1
    Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Jul 6, 2023 at 19:22
  • Added links as per Community Bot.
    – Eternal482223
    Commented Jul 6, 2023 at 20:14

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .