HOW TO ACCESS THE FILE HISTORY ON A USB FLASH DRIVE
quentin2121 Posted messages 9063 Registration date Status Membre Last intervention -
Hello, I have a USB key that was used by a third party. In my presence, they copied or saved one of the files originally on my USB key to their computer.
I left without immediately taking back my key.
How can I tell, from my USB key which was returned to me later, if this person accessed, opened, copied, or saved (to their computer or another medium) any other files that are on my USB key during my absence?
I do not have access to that person's computer, and I have not used this USB key since.
Thank you for your responses (it's a bit urgent unfortunately as I would like to start using this USB key again).
3 réponses
Hi Etourdi-Man
To my knowledge, there is no way to know if a file has been copied from the USB drive to another support
A file that has been deleted = yes
See you
Thank you very much for this quick response. By the way, I guess it's the same for knowing if the file was opened from the USB drive and saved on another device?
Additionally, is the information regarding the last access that can be viewed from this file reliable?
Thanks again,
@+
Hello,
A number of artifacts allow access to the last access date of a file, for example quite simply the DIR command with an appropriate switch, but provided that no operation has previously been performed on this file that updates this date (copying, simple viewing of properties...), and this won't tell us whether the file was simply opened or copied elsewhere.
https://ss64.com/nt/dir.html
Hello,
Maybe we can see it through the Windows Event Viewer, right-click on the Windows flag button at the bottom left!
Hello,
No, precisely: we were told right away that a third party had connected this USB key to their own computer.
To have proof of anything, and as I mentioned in <3>, it is necessary for the author not to have performed an action (right-click-properties is enough) that could change the last access date.
Demonstration by absurdity, I take a folder on which I do DIR /T:A, I randomly select the first file on which I right-click-properties or copy elsewhere, like the ads for laundry detergents, before and after:
