Security Basics mailing list archives

Suspicious Activity Monitoring


From: "Jason T. Hallahan" <jthallah () gmail com>
Date: Tue, 27 Jun 2006 16:01:47 -0400

Hello and good day list,

I am wondering if there are any products, techniques or ideas out
there on how to monitor a remote system (let's start with Windows) in
a networked environment (let's assume Active Directory/Domain) in
order to detect any of the following activity which may or may not be
malicious. For instance:

1) Activating EFS (Encryption) in Windows and encrypting files or folders.
2) Hiding Files/Directories whether they belong to user or system.
3) Unmasking a hidden File/Directory belonging to the system.
4) Removal of Read-Only protection on a File/Directory/Media.
5) Mounting/Unmounting a USB Thumb Drive.

Anybody out there have any ideas or experience on this topic?

Thanks,
Jason
