Network Compromised

["Evan D. Blackmore" <evan.blackmore () advproj com au>]

Hi all

Recently the network at my place of employment was compromised the only
evidence I could easily recovery was the attackers dhcp lease on our
network. This same attacker also got onto my network at home and onto my
personal machine (teach me for not keeping my firewall up to date) I
took the easy option at home and just reinstalled the operating system.
I can't do that at work however........the thing is I'm not sure if he
did anything while on my work network. I thought that he may have gotten
my logon when he compromised my machine (I use a vpn from home) but the
date of the dhcp lease indicates that he was on my employers network
first.

I rang the cops (computer crime) and they told me that I would have to
investigate it myself so I'm posting to get some advice on how I might
go about this or if it is even necessary. I'm familiar with forensics on
Linux boxes as I did it at uni but we run a Windows based network here. 


Regards, 

Evan Blackmore
Advanced Project Solutions

Office - +61 8 9441 5700
Direct - +61 8 9441 5773