Avatar of TThornbrough
Flag for Australia

asked on 

Is it possible to prove that someone copied a file from a network share that does not have auditing enabled?

I am the sole IT Admin for a small construction company.  Investigation around files accessed just before an employee left the company shows that around 7000 files were accessed in a 15 minute period on the network.  Some of the files have limited access due to Group Security, which narrows down the list of people who could have accessed the files.  My question is, is there any way to PROVE that a network user copied files to their PC or an external hard disc, when auditing has not been enabled on the network?
Windows Server 2003Digital ForensicsWindows Networking

Avatar of undefined
Last Comment

8/22/2022 - Mon