is there a way of finding out when an account user on a desktop workstation using XP deleted a file from a server using a linux (squid?) fileserver, I have done a recovery of data deleted from the workstation but would like to prove that this workstation was the one used to do a malicious deletion of files and folders on the server.
thought i would start this question since I am in the middle of sifting through the last 6 month's of deleted files recovered on the workstation.
or would it be the network guys who can tell which system or IP (all workstations have fixed IP) were to blame ?
any help to speed this up would be useful ,