• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6102
  • Last Modified:

Check log for file transfer\copy

I want to see if a departing employee copied\transferred any\all of our company data files off our Windows 2000 server recently.  Is there a log file or profile log that shows each users activity over a given time?
0
srohe
Asked:
srohe
  • 3
  • 2
1 Solution
 
KutyiCommented:
You can check some access to files through the index.dat file under the user temporary internet files folder.. You will need to download index.dat analyzer tool:
http://www.download.com/Index-dat-Analyzer/3000-2144_4-10564321.html
0
 
sroheAuthor Commented:
Doesn't that only reflect downloads from the internet to the users PC?  I was thinking more like user downloads files from the server to a usb flash drive other external media.
0
 
KutyiCommented:
It also shows access to local files....I use it to track 1000 studentsd when teachers want to know what students are working on.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Hugh FraserConsultantCommented:
There's no log file that will show simple file copies. Forensic tools like backtrack will give you a timeline showing creation, change, or deletion of files, but the only way to track copies of files is to put audit acls on them, which will make entries in the security event log. Of course, this needs to be done before the event, not after.

If you decide to go this route, I'd also suggest transferring the event logs to a secure log server in realtime so that they can't be easily tampered with.

Also, keep in mind that there's a performance penalty if you go around putting audit logs on every file. Just do the directories/files that contain sensitive information you want tracked.
0
 
sroheAuthor Commented:
Thanks!  I didn't have any auditing running but this helped us determine what they were up to!  
0
 
KutyiCommented:
Glad you got what you needed!.....:)
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now