LastActivityView: some interesting functions you should discover!

Radu Tyrsina
by Radu Tyrsina
Founder & Editor-in-Chief
0 Comments
Download PDF

The user-tracking program for NirSoft can now show you the recent connects and disconnects from a wireless network for the current system. This is really useful for PC forensics, since authorities can find out where a laptop (and particularly his user) has been in the last days.

The program has many other interesting functions: it records several other user actions, for instance opening and saving files, EXE files launches,  installing software, crashes in system or applications, times for closing and starting up the system etc.

The list of Actions is generally arrange by time, though you can also select it to be sorted by field if you want to group common actions in one place. For instance, you can see all the opened files in one list. The advantage of this LastActivityView feature is that it doesn’t create the log of the information itself, but it gathers the data from the event logs in the Windows system and other sources. As such, you don’t have to install it on a system or keep it running in the background and consuming your resources. Simply launch the program once and it will compile a timeline of all the information it finds available on the machine.

However, if you intend to protect your machine from this kind of snooping around, you can disable the event logs. For instance, if you want to stop the operating system from logging the connects or disconnects to the wireless network, launch the Event Viewer, go to Applications/ Services Logs/ Microsoft/ Windows/ WLAN – AutoConfig. In the left hand pane you will find the option to expand the log, then click right on Operational, choose Clear Log, click right again and choose Disable Log.

Keep in mind that LastActivityView only runs on Windows 2000 and newer versions, though some features are only available with later versions.

RELATED STORIES TO CHECK OUT: