Re: data forensics??


From: Terry (terry_at_rit.co.uk)
Date: 12/25/04


Date: Sat, 25 Dec 2004 11:27:14 -0000


From what I understand, he had the files kept locally on his machine. Some
of the information is Top Secret (sounds very James Bond-ish....). I have
been asked to take a look. From what I understand it was common practice for
the individual to take information home to work on and to keep certain
information locally on his machine. Some of this information was research
into advanced products that were in the "development" stage.

It is believed that some of the information was copied to another PC on the
network and then burned to CD. I don't know if there is any way of proving
this. Also, his old hard drive was removed from the PC and hit repeatedly
with a hammer. I have been asked if there is any way of retrieving any data
from this drive and to ascertain what was looked at...........

All a bit beyond my current level of knowledge but would be very interested
to know if there are any UK based companies that specialise in this area
that I can point them to .....and if there is any way I can give them some
indication of what would be possible so they are not just throwing money
away. We are looking (I am told) at around £100,000,000 of critical
information!!!!

TIA

Terry

"Susan Bradley, CPA aka Ebitz SBS Rocks [MVP] " <sbradcpa@pacbell.net> wrote
in message news:#URLj3l6EHA.1204@TK2MSFTNGP10.phx.gbl...
> ...possibly.. call in a forensic specialist. You need to not touch that
> machine and it needs to be forensically examined [Norton ghost is not a
> forensic copy]
>
> It's possible that it's going to show up in index.dat /windows explorer.
> Are the files on the network? Just trying to remember if that's
> going to show evidence of him/her touching that with a "date touched" in
> that file. Would he have attached a USB hard drive to that system and the
> USB "trace" would be left behind in the registry. Also how long has it
> been and have you kept network log files of logon and off?
>
> I can ask for certain in the EnCase forum [went to class there] if you
> want me to see if this is possible.
>
> I just played with copying a file myself. It's definitely going to have
> a stamp of "accessed date" which is why you don't want to touch that
> system.
>
> EnCase
> Kroll Ontrack
>
> There's a couple of good agencies.
>
> Terry wrote:
> > Sorry if this is the wrong place to post this but I'm not sure what the
> > right place would be.............
> >
> > I have a client with an SBS 2003 network with XP Pro clients.
> >
> > Recently an employee left and it is believed copied up to 50Gb of
> > company information from the company PC.
> >
> > Is there any way to tell what files were copied and when??
> >
> > TIA
> >
> > Terry
> >
> >
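
The USB "trace" mentioned in the quoted reply is kept under the Enum\USBSTOR key of the SYSTEM registry hive. As an added example (not part of the original thread), this Python parser lists those entries from a .reg text export made from a forensic image rather than from the live machine; the sample export, device names, serial numbers and the function name `usbstor_devices` are constructed for illustration.

```python
import re

# Constructed sample: part of a .reg text export of the SYSTEM hive, taken from
# a forensic image. Device names and serial numbers are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_EXAMPLE&Prod_PortableHD&Rev_1.04]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_EXAMPLE&Prod_PortableHD&Rev_1.04\0A1B2C3D4E5F&0]
"FriendlyName"="EXAMPLE PortableHD USB Device"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_&Prod_USB_Flash&Rev_PMAP\7&2f1a9c3b&0]
"FriendlyName"="USB Flash USB Device"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\Vid_0000&Pid_0000\0A1B2C3D4E5F]
"Service"="USBSTOR"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
DEV_RE = re.compile(r'^[^&]+&Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)&Rev_(?P<rev>.*)$')
VAL_RE = re.compile(r'^"FriendlyName"="(.*)"$')

def usbstor_devices(reg_text):
    """Return one dict per device instance found under Enum\\USBSTOR."""
    devices, current = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = None  # values that follow belong to this new key
            parts = key.group(1).split('\\')
            upper = [p.upper() for p in parts]
            # Want ...\Enum\USBSTOR\<device id>\<instance id>, in any control set.
            if 'USBSTOR' not in upper:
                continue
            i = upper.index('USBSTOR')
            dev = DEV_RE.match(parts[i + 1]) if len(parts) == i + 3 else None
            if i == 0 or upper[i - 1] != 'ENUM' or dev is None:
                continue
            instance = parts[i + 2]
            # A '&' as the second character means the device reported no serial
            # number and Windows generated the instance id itself.
            generated = len(instance) > 1 and instance[1] == '&'
            current = dict(dev.groupdict(), instance_id=instance, friendly_name=None,
                           serial=None if generated else instance.rsplit('&', 1)[0])
            devices.append(current)
        elif current is not None and VAL_RE.match(line):
            current['friendly_name'] = VAL_RE.match(line).group(1)
    return devices
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text in. An entry here shows that a storage device was attached at some point, not which files were copied to it.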


