RE: Forensic Investigation
- From: Anteaus <Anteaus@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Dec 2007 02:20:02 -0800
Probably not. This is one argument in favour of a fileserver as central
storage. In that case you should be able to audit who was logged on, and
when, plus the ownership of files will tell you who put them there (but not
who deleted them!).
HST, the event logs in XP Home may give some clue as to who accessed the
computer, and when. Check out event viewer in Control Panel>Computer
Management. This would only be of value if (confidential) passwords were
in force, of course. Otherwise anyone may have used the ex-employee's logon.
If there is serious doubt about the ex-employee's trustworthiness then I'd
be inclined to do a thorough scan for Trojans, and if there is any doubt
about the results, to reinstall the OS from scratch.
"SteelCadman" wrote:
OK, I have used a very specific title for the subject of this post, and
rightly so. The company I work for had a tech-savvy employee leave rather
suddenly. However, there was activity on this individual's computer after her
departure. Files were accessed, not remotely, as the workstation was
physically disconnected from the network.
Here's the query: what form of access was performed on the files? Were they
copied, or were they just opened? If they were copied, where to? USB, CD burner?
Now, if our IT guy was quick, he would have all systems running XP Pro with
security policies set to Fort Knox level. However, we have XP Home, and now I
have been asked to figure out the answers to the above questions.
My question is: is it possible after the fact, and if so, how?
I've tried everything I can think of.