Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Who and When files on Mapped drive were deleted?

Posted on 2010-01-11
9
Medium Priority
?
379 Views
Last Modified: 2013-11-14
hi experts,
I have mapped drives on windows xp, someone deleted some files from one of them, mainly I want to know who (windows user) and when the files were deleted?
note:  when the files where deleted the audit policy for dletetion was not activated.
the mapped Drive based on Avid ISIS Connection for multimedia files based on Raid tech. is there any way to recover these files, the only solution I found is in http://www.werecoverdata.com/raid-data-recovery/
please any ideas?
Thank you.
0
Comment
Question by:LeDaouk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 26

Accepted Solution

by:
lnkevin earned 500 total points
ID: 26292340
You should pay them (above site) to recover your data if there is no back up existed. The recovery process is quite simple with their tool, if you have proper tools. I don't think we have a lot of options here. In regarding to the audit, you have to activate it before the incident. This feature won't work if not activated. Here is the guide to set up audit, just in case you don't have it:
http://support.microsoft.com/kb/325898

K
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 26297558
Indeed, auditing policy must be active before the facts.
DIY recovery can be done through software. Have a look at Recuva: http://www.piriform.com/recuva
But to make recovery as successful as possible, you need to minimize the use of that PC/disk/array.
Even installing Recuva can impede the recovery process. So I recommend you boot from another disk (you can add one) and then scan the impacted storage.

kr, J.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 4

Author Comment

by:LeDaouk
ID: 26300452
thx
but I told you before :
(note:  when the files where deleted the audit policy for deletion was not activated.)
so I need something out of audit policy
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 26301387
I'll try to rephrase this: if the audit policy is not activated then there is nothing to get.
If with 'out of' you actually mean 'next to' then the answer is the same. If no audit policy then there is nothing logged. Even a forensic analysis can not find who, if nothing is logged. You can only find traces of the delete itself. That's why it is so important - and usually overlooked - to define the MS audit policy logging settings AND the SACLs BEFORE putting any system in production.

kr, J.
0
 
LVL 4

Author Comment

by:LeDaouk
ID: 26330027
there is no soltion!?!?!
0
 
LVL 26

Expert Comment

by:lnkevin
ID: 26335386
What do you mean no solution? Your solution is paying for raid recovery. Like I said, you did not set up audit so no logging audit. It's simple as you don't work then you don't get paid. Make sense?

K
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question