How to Figure out Unknown Hard Drive Activity
Posted on 2009-02-13
On 2/10/09 from 9:55am to 10:05am my client stated that their server's hard drives were being excessively accessed. During that time they stated that no one was using the server as they were just getting to the office and had not even booted up the workstations. He was extremely concerned and wants to know what caused this.
I have reviewed the event, RAID, antivirus, battery backup and Veritas Backup Exec logs. Nothing was logged during this time frame.
My question is, I doubt it, but how can I figure out what happened in the past? More importantly, for the future, how can I figure out what caused this the next time it happens?
The server is SBS 2003 Standard.