Re: Shared Folder Forensics
From: Olaf Engelke [MVP Windows Server] (oenews01_at_mvps.org)
Date: 11/14/05
- Previous message: Jim Fischer: "Re: Create restricted user account, 2003 server AD domain"
- In reply to: Bruce Wayne: "Shared Folder Forensics"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Nov 2005 23:10:38 +0100
Hi Bruce,
Bruce Wayne wrote:
> Does the NET USE command leave any sort of evidence? We have a user
> suspected of connecting to a certain shared folder she should not
> have been allowed to access (this was prior to tightening the
> permissions on the folder and enabling auditing). Is there any way to
> check the history of NET USE on a client computer, to see whether the
> user actually did access the confidential shared folder?
>
there is not very much you can do. You could dig through the
HKEY/Current_USER of this account to see, if there are remains in the
registry from files in sensitive pathes, which may have opened with
applications like MS Office.
But since already some time is gone, the chances are reduced again.
Best greetings from Germany
Olaf
- Previous message: Jim Fischer: "Re: Create restricted user account, 2003 server AD domain"
- In reply to: Bruce Wayne: "Shared Folder Forensics"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
