Previous to my involvement in this, an ex employee supposedly copied very important, propriotary files to his laptop. now that he has resold the data, the task to prove he took it fell upon me. They have a Serve 2003 SBS with Active Directory setup. They were not properly restricting data with security groups but did have shared folders setup. I am pretty sure, but want to make sure, that there is no way to prove this was done, or even what files this was done to.
Also, this happened 9 months ago, yeah, I know.
What steps can be taken to track this in the future, Obviously security groups and restrictions are in place now, but even trusted employees could do this, so what can be used to prove it after the fact?
Thank youfor your assistance.