Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 326
  • Last Modified:

Can you tell what files are touched during a RDP session on SBS2003?

I have a server that i know was hacked through the rdp. I was able to use network probe to trace the ip traffic to an ip address in south korea. I also know that the session lasted approx 2.5 hours and 390 meg of data was transmitted. My question is - How can i find out WHAT data was taken or copied? I have crawled through all the event logs and they are of no use, i did a search on any files that would have been created or modified during the time period but nothing interesting came up. Any suggestions? Is there a hidden log somewhere that tells when files are copied?
0
rrcarlisle
Asked:
rrcarlisle
1 Solution
 
ShareefHuddleCommented:
If auditing was setup but by default no not really.
0
 
rrcarlisleAuthor Commented:
will auditing tell me what files are touched (copied, opened, etc) by what user? How does one activate this feature?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now