Is it viable to remove a member of staff when you have an insecure network – i.e passwords are first names if you find deleted porn files on their machine? They claim they did not do it, but Windows 2000 server bug was in existance – could a 3rd party have input evidence into the “innocent” party’s machine?
Is it also viable to use as evidence printouts of cookies/cache which have been recovered – can you check when they were created/deleted?
Should the user name that comes up in the recovery data be the same throughout. Would it be possible to log onto that machine and put files on the c: drive.
What about e-mail security, could staff be fired for being sent unsolicited porn e-mails? Surely it is what they do with them (i.e delete them) that is the important thing.
Please let me know your views.