Re: Forensic Investigation
- From: "VanguardLH" <VanguardLH@xxxxxxxxxxxx>
- Date: Tue, 18 Dec 2007 12:58:32 -0600
"SteelCadman" wrote in message news:9FCBF37B-B2EF-45F3-89CB-D0A5AF699324@xxxxxxxxxxxxxxxx
Ok, I have used a very specific title for the subject of this post, and
rightly so. The company I work for had a tech savy employee leave rather
suddenly. However there was activity on this individuals computer after her
departure. Files were accessed, not remotely as the workstation was
physically disconnected from the network.
Heres the query, what form of access was perfiormed on the files, were they
copied, were they just opened. If they were copied where to? USB, CD-Burner?
Now, if our IT guy was quick, he would have all systems running XP Pro with
Security policies set to Fort Knox Level. However we have XP Home, and now I
have been asked to figure out the answers to the above questions.
My question is, Is it possable after the fact? and if so how?
Ive tried everything I can think of.
So what are you basing that the files got "accessed". Maybe you left it powered up and a scheduled event in Task Scheduler or in an anti-virus program went around scanning for pests. Could be SyncToy did a synchronization of files between different paths or drives. Depends on what is allowed to run on that computer if you left it powered up.
.
- Prev by Date: Re: Restoring from backups created with a previous computer
- Next by Date: Re: MI5-Persecution: BBC Newscasters Spying on my Home (10509)
- Previous by thread: RE: Forensic Investigation
- Next by thread: Re: Home Networking and Administrator Rights - Surely It's Not This Ha
- Index(es):
