You know that feeling that you sometimes get as if someone is looking over your shoulder? Creepy as this may sound, that very feeling can have a distinct parallel in the computer world. You may just get a sense, almost like a sixth sense, that your IT security has been completely shot to bits and your computer has been hacked into, even though you can't say for certain just what is giving you that impression. Maybe your hard drive is grinding a little too often for comfort or it seems to be louder than usual. Maybe Microsoft Word is taking just a little too much time to open, or your keyboard seems unresponsive from time to time, just for a second or two. All you know is that your system seems a little bit 'off'.
When you start to think that your system might have been hacked, the next logical step is to try to find evidence that can confirm your hunch. This is where most people run into difficulty, though. It is easy to suspect a hack but much harder to really prove one, particularly today when spyware and malware can be more subtle than you would believe. So what should you do in a case like this?
If you have some solid IT services skills under your belt, you can start investigating on your own, using these pointers so you know where to look. Check the audit logs for all the user accounts in your system or network and see who set up each one of those accounts. Of course, this step only works if auditing of user accounts was turned on at some point in the past. If it was not, do more than just say, "My bad!" and turn it on now so you will not have the same problem in the future.
If auditing is enabled, though, you can try to find out the exact time and date when suspicious accounts were created. Then, using that timestamp, you can try to ferret out other system events that took place at the same time. In this way, you can possibly track down the infection or at least get a better handle on some of the changes made and the damage caused.
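As an added illustration (not part of the original article), the Python sketch below walks through that correlation step: find the creation event for an account nobody recognises, note who created it, then list everything logged around the same time. It assumes a Windows system whose event logs have been exported, uses event ID 4720 ("A user account was created") as the marker, and runs on constructed sample records; the account names and the `known_accounts` list are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample records (time, event ID, detail) standing in for an
# exported Windows event log. Not real data; all names are hypothetical.
SAMPLE_EVENTS = [
    ("2024-03-02T09:15:00", 4624, "logon user=alice type=2"),
    ("2024-03-04T02:11:40", 4624, "logon user=svc_backup type=10"),
    ("2024-03-04T02:13:05", 4720, "creator=svc_backup new_account=helpdesk2"),
    ("2024-03-04T02:13:30", 4732, "group=Administrators member=helpdesk2"),
    ("2024-03-04T02:16:10", 7045, "service=UpdaterSvc path=C:\\Temp\\u.exe"),
    ("2024-03-04T11:00:00", 4624, "logon user=bob type=2"),
]

ACCOUNT_CREATED = 4720  # Windows Security log: "A user account was created"

def parse(events):
    """Turn raw tuples into dicts with real datetimes, sorted by time."""
    rows = [{"time": datetime.fromisoformat(t), "id": i, "detail": d}
            for t, i, d in events]
    return sorted(rows, key=lambda r: r["time"])

def fields(detail):
    """Split 'key=value key=value' detail text into a dict."""
    return dict(p.split("=", 1) for p in detail.split() if "=" in p)

def account_creations(rows, known_accounts):
    """Return creation events for accounts that are not on the known list."""
    hits = []
    for r in rows:
        if r["id"] != ACCOUNT_CREATED:
            continue
        f = fields(r["detail"])
        if f["new_account"] not in known_accounts:
            hits.append({"time": r["time"], "creator": f["creator"],
                         "account": f["new_account"]})
    return hits

def events_near(rows, when, minutes=5):
    """Everything logged within +/- `minutes` of the creation timestamp."""
    window = timedelta(minutes=minutes)
    return [r for r in rows if abs(r["time"] - when) <= window
            and not (r["id"] == ACCOUNT_CREATED and r["time"] == when)]

if __name__ == "__main__":
    rows = parse(SAMPLE_EVENTS)
    known = {"alice", "bob", "svc_backup"}
    for hit in account_creations(rows, known):
        print(f"{hit['time']}  {hit['account']} created by {hit['creator']}")
        for r in events_near(rows, hit["time"]):
            print(f"    {r['time']}  {r['id']}  {r['detail']}")
```

In the sample data, the unknown account is created at 02:13, and the surrounding window shows a remote logon by the creating account just before it, followed by a group-membership change and a new service: the kind of neighbouring events the timestamp is meant to surface.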
You should also check for suspicious incoming connections; third-party tools are a good bet in this situation. For even more help in this kind of situation, consider getting in touch with an IT company that can set you up with a managed programs arrangement. This form of IT support will bring an expert to you on a regular basis to help manage your security settings and program updates.