Recover deleted Windows "Audit Logs"

[a.qarta at gmail.com (Aa'ed Alqarta)]

No, the administrator had done something using this server as a "hop" to
access another critical workstation. After he finished whatever he was
planning for, he erased event logs and we only found one audit log
saying "*audit
log has been* manually cleared by ....". They were Windows event logs, and
I'll double check about the file system type. thanks

On Tue, Nov 3, 2009 at 5:03 PM, Joel Folkerts <joel.folkerts at gmail.com>wrote:

> Were the files themselves deleted or the entries within the logs? What kind
> of logs are you referring to, i.e. Windows event logs, logs stored within a
> database, text logs. What type of file system are the logs stored on?
>
> -Joel
>
>
> "The path to hell is paved with good intentions."
>
>
>  On Tue, Nov 3, 2009 at 3:49 AM, Aa'ed Alqarta <a.qarta at gmail.com> wrote:
>
> >  Hello Everyone,
> >
> > I'd like to know is it possible to recover deleted "Audit Logs" after
> > being erased by some administrator?
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Best Regards,

----------------------------------------------------------

http://extremesecurity.blogspot.com

http://www.linkedin.com/in/aalqarta

http://www.experts-exchange.com/M_3011930.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091105/92669123/attachment.htm