ClioSport.net

Trace a file on a network

Is it possible to trace a file that was... copied to a local computer from a network share, even if the file was deleted from the local PC months ago?
 
Do you know where the file is and want to know if it is the same file?

If they are exactly the same file and haven't been changed in any way then you can hash the file in both places and compare the hash values.
 
the way i read that is that a file that was located on a share on the network was downloaded to a local PC by someone and then deleted at some point, can it be proved that the file was located on the local pc at some point, maybe it contained sensitive data and shouldn't have been downloaded?
 
Possibly....;)

is it possible to trace that?
 
ROFL.
the only way i can think of is packet tracing? but that won't be available unless you are specifically looking for it? at that point in time when it was copied??
 
if you do this you have to be clever about it, if you have an admin password and have access to servers I would normally log into the server via the administrators account using RDP, then open the file on there, then it could have been opened by anyone!

Not that i have done this obviously ;)
 
I don't believe you can do this unless you have a computer running as a gateway, monitoring all network data either as raw packets or with some kind of software (that logs all packets in organised groups/dates/IPs).

Other than this, 'MOST' routers don't log this much info.
 
unless anyone is hell bent on finding out i doubt it would be easy to detect, i think they would really have to WANT to find out!
 
Depends what OS the "server" was running and its configuration, but yes, it can be done.

Windows server OSes, for example, have auditing, which can log success/failure of object access (amongst other things).

http://windows.stanford.edu/docs/security2000.html#audit
surely that wouldn't be set to on though unless they were looking for something specific?

Well, only the administrators would know that. :)
It's perfectly possible that it may be set.. heh.
 
server 2003.
so in theory you CAN trace this activity then? i thought if a copy was taken and dumped locally that the server wouldn't register it?
 
We have this in place on our fileserver.

The server won't log that it was deleted from your local PC, but it will / can know that you got it from the server.

This is an example from our log...

1/19/2006,16:30:36,8,3,560,Security,DOMAIN\user,SERVERNAME,Security File,D:\shared\Development\folder\folder2\Projects\filename.tmp 608,0,286051200,8,SERVERNAME,DOMAIN

date
time
your domain
your username

The rest is the filename and some other crazy microsoft codes.

Hope this is helpful.
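
Added example (not part of the original thread and not the poster's own tooling): a Python parser that reads exported audit lines in the comma-separated layout of the sample above and lists which accounts opened a given file on the server. Column positions are inferred from that single sample line, 560 is treated as the object-open event ID, the trailing number after the path is assumed to be a handle ID, and every log line after the first is constructed for illustration.

```python
import csv
import re
from datetime import datetime

OBJECT_OPEN = "560"  # event ID seen in the thread's sample line (assumed: object open)

# First line is the sample from the post; the remaining lines are constructed.
SAMPLE_LOG = r"""1/19/2006,16:30:36,8,3,560,Security,DOMAIN\user,SERVERNAME,Security File,D:\shared\Development\folder\folder2\Projects\filename.tmp 608,0,286051200,8,SERVERNAME,DOMAIN
1/19/2006,16:31:02,8,3,562,Security,DOMAIN\user,SERVERNAME,Security,608,8
1/20/2006,09:12:45,8,3,560,Security,DOMAIN\other,SERVERNAME,Security File,D:\shared\Finance\payroll 2006.xls 1244,0,286059999,8,SERVERNAME,DOMAIN
1/20/2006,09:15:10,8,3,560,Security,DOMAIN\user,SERVERNAME,Security File,D:\shared\Finance\payroll 2006.xls 1300,0,286060111,8,SERVERNAME,DOMAIN
truncated,line
"""


def parse_audit_line(line):
    """Return a dict for an object-open record, or None for anything else."""
    fields = next(csv.reader([line]), [])
    # Column positions are assumed from the sample line in the thread.
    if len(fields) < 10 or fields[4] != OBJECT_OPEN:
        return None
    try:
        when = datetime.strptime(fields[0] + " " + fields[1], "%m/%d/%Y %H:%M:%S")
    except ValueError:
        return None  # malformed date or time: skip rather than guess
    # Column 10 holds the object name followed by a number; drop that number
    # so file names containing spaces survive intact.
    path = re.sub(r"\s+\d+$", "", fields[9])
    return {"when": when, "account": fields[6], "server": fields[7], "path": path}


def who_opened(log_text, path_fragment):
    """List (timestamp, account) for every open of a path containing path_fragment."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec and path_fragment.lower() in rec["path"].lower():
            hits.append((rec["when"].isoformat(sep=" "), rec["account"]))
    return sorted(hits)


if __name__ == "__main__":
    for when, account in who_opened(SAMPLE_LOG, r"Finance\payroll"):
        print(when, account)
```

A file name that itself contains a comma would shift the columns in this layout, so such records need checking by hand.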
 
depends on whether you have given admin a reason to check the logs (should they exist)
I know most of us are geeks but there are better things to spend your spare time on than checking access logs....
 
Could you not just run a file recovery program on the local machine and see if it picks up the file you reckon they downloaded as ever being on the local drive? Even if it can't recover it it should give you the file size for comparison?
 