Is there an application or method to log of data transfers?

security software-recommendation usb

It appears that inotifywatch can do the job. Refer to the IBM document I reference in the comment above for more information and its manual page. To install:

apt-cache search inotify
  • inotifywait - wait for changes to files using inotify
  • inotifywatch - gather filesystem access statistics using inotify

You can do this:

1) Check the files: /var/log/kern.log and /var/log/kern.log.1 and search the time and date that your friend connected the usb mass storage. For example, mine says: 

Apr  9 13:41:37 desguai7 kernel: [16788.372616] USB Mass Storage support registered.
Apr  9 13:41:38 desguai7 kernel: [16789.370861] scsi 6:0:0:0: Direct-Access     SanDisk  Cruzer Blade     1.20 PQ: 0 ANSI: 5
Apr  9 13:41:38 desguai7 kernel: [16789.386614] sd 6:0:0:0: Attached scsi generic sg2 type 0
Apr  9 13:41:38 desguai7 kernel: [16789.390966] sd 6:0:0:0: [sdb] 15633408 512-byte logical blocks: (8.00 GB/7.45 GiB)
Apr  9 13:41:38 desguai7 kernel: [16789.392246] sd 6:0:0:0: [sdb] Write Protect is off
Apr  9 13:41:38 desguai7 kernel: [16789.392258] sd 6:0:0:0: [sdb] Mode Sense: 43 00 00 00
Apr  9 13:41:38 desguai7 kernel: [16789.392980] sd 6:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
Apr  9 13:41:38 desguai7 kernel: [16789.401326]  sdb: sdb1
Apr  9 13:41:38 desguai7 kernel: [16789.404486] sd 6:0:0:0: [sdb] Attached SCSI removable disk

So April 9, at 13:41 (1:41pm) a USB Mass Storage was registered (connected) at my computer.

2) Now lets see the last time some files get accessed and search for matching dates. Open a terminal and paste this: 

find ~/the/folder/noone/should/have/looked/ -exec stat -c %n%x "{}" \; | grep "2012-04-09 13:41"

You will be presented with the file names that were accessed at the time the usb mass storage was connected.

A little trick:

You can use wildcards with grep, like changing grep "2012-04-09 13:41" for grep "2012-04-09 13:4[1234]" to get all files accessed from 13:41 to 13:44.

ps.: It wont work if you have accessed the file after your friend.


Believe me son, one good habit worths a ton of software (and much more reliable indeed). Do NOT lend your session anyone. Just copy files you asked for YOURSELF and feel good.

ps There is no good enough security software for insecure people.

Related

open with mplayer not available for video files
Unity on Both Screens with Dual Monitors [duplicate]
How do I reserve bandwidth?
How to open a terminal from the terminal
Is it possible to accelerate downloads in Synaptic Manager?
Clipboard history: Need to get something far back
Install GRUB to Ubuntu Partition
Fan very loud in Ubuntu 12.10
Can I become an Ubuntu Member by contributing on Ask Ubuntu?
What is equivalent of 'mstsc'?
Cleanly uninstall ubuntu from Nexus 7
Unable to start Apache on Ubuntu 12.10: no listening sockets available