General discussion

Locked

What files where copied off a machine

By chapc ·
I've heard that by viewing Windows Explorer log files or other system files that its possible to tell what files where copied from a machine to either a network drive or to removable storage. Is this possible? and if so how can I do this? Where do the "log files" live? etc.

thanks

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to What files where copied o ...

It is possible to check this with forensic programs.

It is not an inherient Windows software capability.

Collapse -

by chapc In reply to

Forensic programs is a very generic statement -- Even forensic programs look at something. They don't create information they need to open something and look at something. Which programs? What do they look at?

Collapse -

by rhantson In reply to What files where copied o ...

Most forensic's programs don't exactly tell you where the file went, or on the flip side, where it came from...

The answer to this question is actually, no... unfortunately... in the past, I've dealt with a number of companies where I've had to assess a security problem where they were wanting to know who moved the files, when, and where...

If you know where the files are actually at, you might want to begin who they are owned by at the new location... if you don't where they are though, it's going to be tough finding where they went...

Do you just need them recovered?

ActiveUNDELETE is a great util, and quite inexpensive for end users to do some forensics of missing files on your own... it can even rebuild and recover deleted partitions and more...

Hope that helps... feel free to email me if you still have problems or can clarify your problem a little further...

Collapse -

by wlbowers In reply to What files where copied o ...

You can find all of the log files just by doing a file search for *.log

You are going to find 100 to 200 files for all kinds of things.

You are not going to find what you want.

Your best bet if you are trying to monitor computers is to use a program like eBlaster.

http://www.spectorsoft.com

This program will provide you with a detailed report of all activity including emails, programs, file copy and more.

Good Luck

Lee

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums