Quote:
Originally Posted by pranks
someone has used my pc in my absence
|
Was it off? Was it on but locked? Or was no login required? How is your default access set up? Shell only or Xorg access?
Quote:
Originally Posted by pranks
and i doubt data theft.
|
What kind of data are we talking about? Was it passworded, encrypted or plain text? Large or small files? Easy to find?
Quote:
Originally Posted by pranks
probably i may find some usb entries which does not belong to mine
|
Can you narrow down the suspected period of time? If it was for example an USB stick then 'grep usb-storage /var/log/messages' will show the times when an USB mass storage device was attached. If a login is required then you can correlate times with those from running 'last'. If a login was not required then you should not have put that data there in the first place as an out-of-the-box GNU/Linux installation does not come with extensive auditing enabled by default so UUIDs, device names and partition labels may or may not have been logged.