Security Basics mailing list archives
Re: Forensic Tool
From: Adam Pal <pal_adam () gmx net>
Date: Tue, 10 Jun 2008 23:06:17 +0200
Hello newnewguy, (nice name *G*) Well, lets asume case a) data has been sent via email to another location, in this case you can evaluate the logs to get some info. case b) data has been copyed to another device. In this case, i would say that you can only see if a device was being attached by reading windows logs, but i`m not sure how long this information is being kept by the system. What you cannot see in case B will be what files have been copyed. Basicaly, case a could eventualy be an argument in front of the court, but assumptions as case b or others wont. The point is, a copy means reading access on original file and writing access on target file. You can eventualy see in the metadata when the last reading access ocured, but this doesnt necessarily mean that the file was copyed to external, there is a multitude of processes which can cause a reading access. I hope you can have a better perspective on the problem. I wish you good luck! -- Best regards, Adam Pal Monday, June 9, 2008, 6:56:41 PM, you wrote: <==============Original message text=============== nac> Hi, nac> I of the person in my company has downloaded very imp files nac> (Application & Data)from HR portal. nac> He has deleted the files from his machine. We need to ensure nac> that files were not copied to any other media before deletion. nac> Request you to please help on How this can be achieved. nac> Thanks! nac> New Guy <===========End of original message text===========
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Forensic Tool newnewguy (Jun 09)
- Re: Forensic Tool Shreyas Zare (Jun 09)
- Message not available
- Re: Forensic Tool Shreyas Zare (Jun 10)
- Message not available
- Re: Forensic Tool Shreyas Zare (Jun 09)
- Message not available
- Re: Forensic Tool Dennis Kudin (Jun 10)
- Re: Forensic Tool p1g (Jun 10)
- Re: Forensic Tool Adam Pal (Jun 10)
- RE: Forensic Tool Robinson, Sonja (Jun 10)