How to view history of file copying activity on a laptop?

We have someone in our organisation who we suspect may have transferred a significant amount of company data from their company laptop onto a cd or USB key. Our HR people want to know what this was - is this possible? The laptop in question is XP with office 2003.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Toni UranjekConsultant/TrainerCommented:

If you would have configured Object Access auditing in laptop before data was copied, you would have corresponding events in Security log. But copying files would be reported as Read operation and would not differ from actual reading of files. I believe that the answer is unfortunately - not possible.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian PiercePhotographerCommented:
I agree with Toni - not possible. With standard windows accounting even if object access was enabled and the files/folder were configured for auditing there is no way of determining if the files were just opened or copied.
Mad_LennyAuthor Commented:
Hi Guys,

In that case then I guess we'll never know. Its never been a problem I'm not sure what best practise is round this. HR seem to think that I should be omnipotent when it comes to any user activity, perhaps they are right, but how far do you go?

Anyways, many thanks for the speedy replies,

Toni UranjekConsultant/TrainerCommented:
Implement security restrictions for confidential data, if you don't trust people don't give them access to such data, or use 3rd party product like to prevent copying data to external devices. But you should realize that malicious user can still send mail or even use xerox machine, to get information out of the office.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.