How to Easily Tell If Someone Opened Your Files on a Mac

Oct 2, 2012 - 13 Comments

Determine if someone used your Mac and opened files

If you suspect someone is using your Mac while you’re away and getting into personal documents and files, the easiest way to quickly find out is by looking at the Recent Items list:

  • Pull down the  Apple menu and go to “Recent Items”
  • Look for apps, servers, and documents you didn’t open

Now you’re probably thinking, how do I know what I opened and what someone else opened? Well other than the obvious, your best bet may be to set a trap of sorts by clearing out that menu list, then leaving your Mac alone. Then the next time you look at the Recent Items list, nothing but what the suspect opened will be listed in the menu. Setting the “trap” is easy:

  • Close out of all apps, files, and documents
  • From the  Apple menu, go to “Recent Items” then choose “Clear Menu”
  • Now leave the Mac alone, don’t open anything

After you’ve returned to the Mac, don’t do anything before looking at the “Recent Items” list again, and if it contains anything then you know exactly what someone opened, whether it was an app or two, a couple of files, or whatever else. The video embedded below demonstrates this easy process:

If you want to track more than 10 apps and 10 documents, adjust the amount of things stored in Recent Items by going  Apple menu, System Preferences, General, then selecting “20” or more in the Show Recent Items option.

This is obviously not going to be scientific, and a savvy Mac user could obviously clear their tracks by going to Clear Menu on their own, but the vast majority of people wouldn’t think to do this so it’s an easy way to catch the simpler cases of digital peeping toms and to find out exactly what files they opened. If someone was a step ahead and cleared out that menu, you can dig deeper and also determine if someone used a Mac by checking system logs, finding exact boot and wake times, and also determining precisely what caused a Mac to wake from sleep.

Finally, your best protection against people snooping around on your Mac is to password protect your Mac. Do this with login passwords for sleep, boot, and wake, and always use the lock screen when you’re away from your Mac.

Thanks to Joe for the tip idea

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: William Pearson in Mac OS X, Security, Tips & Tricks

13 Comments

» Comments RSS Feed

  1. Aidan Daniels says:

    I like the “Trap” idea LOL, but if you don’t have time to do that the next best thing is this with Lion or Mountain Lion:

    – Open “All My Files” and sort list by “Last Opened”

    All files on top are the most recently opened. Now just look at the time they were opened, were you using the computer then? If not, someone else was!

    Simple alternative solution to the one mentioned above, and what I used to catch my little brother snooping around not long ago!

  2. Murex says:

    I have a better idea then this idiotic nonsense … you could try not leaving your computer wide open around people you don’t trust, and lock then screen if you can’t.

    • THANK YOU! I saw this article on Facebook today and decided, once I managed to pick myself up off the floor from rofl (literally), to read it. Absolute stupidity. There’s a simple term we geeks use to describe people who have security issues and use this kind of “solution”…..PEBKAC

  3. RMH says:

    Wow, slow inspiration day?

    Anyone mischievous enough to snoop into someone else’s files knows how to clear out the “recent items” list to cover their tracks.

    I’m with Murex. If you have to worry about this, lock your screen or carry your laptop with you!

    • media_lush says:

      …. you can get around this if you clear out recent items list and then just take a screen grab (any screen grab) so it appears in the recent item list… then dump it into the trash and empty it. Now you know for sure if anyone opens a file as the screengrab will appear in the recent items list but will not be able to be opened…. if it doesn’t appear…., well either way you’ll know.

  4. djjdevos says:

    Fortunately/unfortunately Apple makes it very easy, using “Quick Look” to look at many file types without “opening” the file – thus not appearing in the “Recent Items” list.

  5. Here’s a brilliant new technique – lock your screen when you leave your Mac. Seriously, if security and privacy are a concern for you, you shouldn’t walk away from your Mac without locking it anymore than you would leave your house without locking the door.

    If your only method of keeping up with people accessing your stuff is checking your recent items, you deserve to be snooped on.

    • djjdevos says:

      No argument here – full agreement.

    • Yessirree says:

      Completely agree. You HAVE to set passwords. Not just for your Mac, but for your iPhone, iPad, EVERYTHING that has personal data on it. What if you lost it? People could see anything. Passwords = necessary.

      • Exactly. I’ve taken it a step further – i only know ONE of my 100+ passwords. I use Dashlane as my keychain and it keeps everything in sync. I generate random passwords for everything, ranging from 16-32 characters depending on the site, and I don’t know ANY of them. Thankfully, the way Dashlane is set up, even if they go out of business, the data is stored and encrypted locally too, so I can still access all my passwords without fear.

        Couple that with 256-nit AES-XTS full disk encryption, a 256-bit encrypted VPN for tunneling my internet traffic, as well as two-factor authentication on every important account, I think I’m fairly well secured from everything but my own stupidity. Thankfully, I’ve learned enough from that to not share any information with anyone :P

  6. Theo Vosse says:

    If you want to do this, you can also check the default Spotlight query “Recent Documents”. It cannot be erased, and has no size limit.

  7. penkendo says:

    Anyone know what file the recent lists are stored in? It would be nice to try to chown that so you required a secondary user auth to clear it. That would be a better trap: you could leave yourself logged in as bait but whoever snooped wouldn’t be able to cover their tracks

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates