I have a client who has 1 PC, but it's very critical to a community of high-end homes.
The client has an admin account in Windows XP and has sensitive data on it.
When the manager is not there, the employee (24/7 staffed) will use a limited user XP account.
We have reason to believe the system was compromised. Client fired an employee that has some potential hacking capability.
A folder of sensitive data was found copied to a different location that the limited account could access.
1) The Administrator "Back Door" account has possibly been reset. I want to know if there is a log of when/if the Back Door account password was changed?
2) The folder that was copied shows a date with a timestamp of 2009. I want to know if there's a way to verify if that timestamp is accurate. For example, the hacker could just reset Windows time to that date, create the folder, then copy the files over, and it would keep that timestamp.
3) Are there any 3rd party companies that the hard drive could be sent to, that charge a fee, to see if files have been deleted or modified? For example, there is a copy of an XLS file that may go to a certain date in 2009. We want to know if the information after that was deleted, or if it was actually copied in 2009.
Any help would be appreciated. I know this is a pretty random thing, but it is critically important.