Thieving Bast@rds!

By jdm121 ·
I'm looking after a small network at the moment (it's an education center) anyway it turns out that someone has stolen one of the staff's personal credit card details and racked up a few
thousand pounds worth of gambling debts

Ordinarily this would concern me less than nothing! but...

it's a military base and the MPs are breathing down my neck asking me to identify the machine that accessed the gambling site. This way they can check records and nail the guy.

network is set up as follows: dedicated internet connection, through router and windows isa server,
2003 windows DC, -+50 clients hanging on, isa is pretty much set up as just a firewall blocking porn access.
All clients are on same subnet and get short lease ip (via DC)

On workstations some caches get cleared and some don't. I'm not exactly doing cartwheels of joy over the prospect of checking ie6 history and temp internet files for signs of this site on 50 machines. Anyone got any tips for making my life easier... even though I don't
deserve it!!

Thanks in morbid anticipation x

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

hope you had reporting configured in ISA

by CG IT In reply to Thieving Bast@rds!

if you did, ISA can tell you what machine went where,when and how often.

GFI for ISA can tell you the who by domain name if you have it installed.

Collapse -

Nice one

by jdm121 In reply to hope you had reporting co ...

I'm new to ISA but have been "playing" around with it over the past couple of weeks I think reporting is set up so I will give it a go - Thanks mate

Related Discussions

Related Forums