Forensic work for Exchange 2010
Dear experts,
We recently had an employee leave our company, and are strongly suspecting that she has taken some of our company data and went to a competitor, since we lost our large account with one of our clients, and found out that the account followed her.
I have been instructed to restore any deleted file and emails on her laptop.
I used GetDataBack for files, and PST Walker to find hard deleted mails, but that is about all I could do.
She had a habit of always emptying out her Deleted Item box, even if I go back on our Exchange backup, I cannot seem to find anything else.
Is there another way for us to recover deleted messages from the Exchange? I was also asked if there is any way we can find out if she copied files off of our network folders to an external source, but since we don't have any network monitoring tools currently running, I am assuming that we cannot find such info. In the future, what should be our practice to avoid this type of situations?
Please advise.
We recently had an employee leave our company, and are strongly suspecting that she has taken some of our company data and went to a competitor, since we lost our large account with one of our clients, and found out that the account followed her.
I have been instructed to restore any deleted file and emails on her laptop.
I used GetDataBack for files, and PST Walker to find hard deleted mails, but that is about all I could do.
She had a habit of always emptying out her Deleted Item box, even if I go back on our Exchange backup, I cannot seem to find anything else.
Is there another way for us to recover deleted messages from the Exchange? I was also asked if there is any way we can find out if she copied files off of our network folders to an external source, but since we don't have any network monitoring tools currently running, I am assuming that we cannot find such info. In the future, what should be our practice to avoid this type of situations?
Please advise.
As you say that the employee left recently, could you restore her mailbox from one of the recent backups and check dumpster data? Also, going further I would strongly suggest that you use a Data Leakage Prevention solution to monitor sensitive data in your environment.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Dear paarun,
Thank you for your response, but she had a habit of hard deleting mail messages every day, so none of the backups have any items in deleted item folder.
Thank you for your response, but she had a habit of hard deleting mail messages every day, so none of the backups have any items in deleted item folder.
ASKER
Thank you, Amit and btan.
I will use your information to form a policy for the future for my company, but it does look l do not have much to go on as of now.
I will use your information to form a policy for the future for my company, but it does look l do not have much to go on as of now.
thanks that is right steps to ensure top down approach for governance and ensure user acceptance and policy cover such aspect, but importantly create that "deterring" effect by enabling audit trails, login splash screen on the use of company property and regular asset and audit check will be good as well...activities to be verified and validated on the ground always with strict regime is always better as it "walk the talk" and not "paper play" per se...