[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

mac times ms os

Posted on 2012-03-26
3
Medium Priority
?
360 Views
Last Modified: 2012-03-28
I thought this would be quite easy to identify, but am I correct in thinking that for a file (regardless of file type be that .doc, .txt, .jpeg) on a file share on a windows server, that you cant see who (person) last modified or accessed the file ? I.e. it only goes as far as "the file was accessed dd/mm/yyyy hh:mm", not "the file was accessed dd/mm/yyyy hh:mm by user X"? Is there anyway to identify the user X part? Is the file type irrelevant, or for certain files may the "...by user X" be available?

If its important to see who changed/accessed the file and by default windows cant give you that - what other ways can you do this?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 37766030
This is from an older version of Windows server, but the process hasn't changed much for subsequent versions...

http://www.techrepublic.com/article/step-by-step-how-to-audit-file-and-folder-access-to-improve-windows-2000-pro-security/5034308
0
 
LVL 3

Author Comment

by:pma111
ID: 37770250
So the answer by default (i.e. unless you enable auditing) is "no you cant see who last accessed any file?" ?
0
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 2000 total points
ID: 37770769
...am I correct in thinking that for a file ... that you cant see who (person) last modified or accessed the file ?

Correct.  On MS NTFS file systems, you must enable auditing to track read and/or write file access at the per user level.

...windows cant give you that...

Incorrect.  While auditing is not enabled by default, it is available in any version of the Windows OS that supports NTFS.  The link I posted previously contains information on how to enable file level auditing.

Sorry if I was unclear...

...what other ways can you do this?

I believe the best you can do when you decide you want this type of security *after* the fact, is work on circumstantial evidence.  Who has access rights to the file in question?  What are the access vectors (LAN share v. Internet, for example)?  Which of the file trustees were logged on to the system at the time the file was last accessed/modified based on standard properties?  Certainly nothing that could be qualified as solid forensic data.

Hope that helps.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The foremost challenge encountered by an investigator at the very beginning of a forensics investigation is, accessing a file/data to read/view its contents. Owing to the fact, a platform is necessary for both; opening as well as examining any file.…
In this era, as you know, cybercrime and other sorts of frauds using the internet has increased day by day. We should protect our information assets and confidential information from getting exploiting by the attacker or intruders. Most of the fraud…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question