HI
how to find USB enteries/ logs in linux

Hi,

Take a look in /var/log/messages or execute dmesg.

Both should contain usb related messages.

Hope this helps.

Also, could you explain the context of the information you are seeking? Presumably this is security-related, as you've posted in LQSEC, right? The more verbose you are, the greater the chances of having a productive discussion.

Thnx a lot for quick response drrunna
@winsux : someone has used my pc in my absence and i doubt data theft. probably i may find some usb entries which does not belong to mine

Was it off? Was it on but locked? Or was no login required? How is your default access set up? Shell only or Xorg access?


What kind of data are we talking about? Was it passworded, encrypted or plain text? Large or small files? Easy to find?


Can you narrow down the suspected period of time? If it was for example an USB stick then 'grep usb-storage /var/log/messages' will show the times when an USB mass storage device was attached. If a login is required then you can correlate times with those from running 'last'. If a login was not required then you should not have put that data there in the first place as an out-of-the-box GNU/Linux installation does not come with extensive auditing enabled by default so UUIDs, device names and partition labels may or may not have been logged.

System was on
some emails and .dot documents.small files only n it was not pwd protected.
times was somewhere betwwen 9 to 2pm (+5.30 GMT)
I am not sure whether usb was attached or not, probably someone transferred the files using his hotmail, yahoo etc.