Answer for:

Computer Forensics

Message 3 of 3

gechurch

Robo_dev is absolutely right in everything he says. I can't think of any other way of finding this info without having systems in place first.

To track this stuff in the future I can recommend http://www.greyware.com/software/systemchangelog/3x/index.asp. I use it on a few servers. It's much easier to read than AD Auditing (and it tracks renames properly). It also runs fine on Windows XP, and is free for personal use ($30 after the trial runs out if you use it commercially).