Security Basics mailing list archives
Re: Forensic Tool
From: "Shreyas Zare" <shreyas () technitium com>
Date: Tue, 10 Jun 2008 11:10:51 +0530
Hi,

Clearly, your company has to take strict action against the employee. The files that were deleted from her laptop can be easily recovered by any off-the-shelf file recovery software. It would not be possible to find out if she had copied the data onto any media very easily. Her laptop must be seized immediately and copies of the hard drive (image) must be created for further investigation. Use file recovery software to get deleted documents on her laptop to find clues if she had deleted some other info regarding this incident.

If she had enough time, it is possible she would have e-mailed the files to someone else, so just deleting the mails in her Yahoo & Hotmail a/c won't solve the matter. Investigate contacts in the email account address book.

Regards,

On Tue, Jun 10, 2008 at 12:11 AM, <newnewguy () aol com> wrote:
Hello,

Here is the explanation:

One of the ladies has copied the application files (complete application) of one of the HR Portal application along with some imp data files. Then this person sent these files to his Yahoo & Hotmail IDs. When we observed that in the email logs, we asked her for the explanation behind this act. She gave some answers which don't justify this action. Then we asked her to delete all these emails from her laptop (where she downloaded) & her personal IDs (Yahoo & Hotmail).

We just want to check if she copied these files to any other media before deletion. Also if these files are still sitting in any part of memory on her machine. That laptop has Windows XP Professional with SP2.

I hope this helps in understanding the situation.

Thanks a lot for your help!

New Guy!!

-----Original Message-----
From: Shreyas Zare <shreyas () technitium com>
To: newnewguy () aol com
Cc: security-basics () securityfocus com
Sent: Mon, 9 Jun 2008 1:42 pm
Subject: Re: Forensic Tool

Hi,

Firstly, you have not clearly explained what has happened. Secondly, after someone does something like copy file into media before deletion, it is difficult (or impossible) to find it out. You need to have some mechanism in place to log such things beforehand. Also provide details like what OS is in the scenario.

Regards,

On Mon, Jun 9, 2008 at 10:26 PM, <newnewguy () aol com> wrote:

Hi,

One of the persons in my company has downloaded very imp files (Application & Data) from HR portal. He has deleted the files from his machine. We need to ensure that files were not copied to any other media before deletion. Request you to please help on how this can be achieved.

Thanks!

New Guy

--
("There are only 10 kinds of people in this world: those who know binary and those who don't.")

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Technitium Personal Computers
We believe in quality.
Visit http://pc.technitium.com for details.