Pau Lo
asked on
User activity groups
I need some sort of general brain storming from you experts around user activity. Essentially there is a (slight/potential) allegation someone may have compromised another users domain username/password and logged into the domain from a PC with those credentials. In terms of “what they did” with that account what areas would you look to for clues, I could do with just a top 5 areas you’d review to see what kind of activity took place. Internet activity is the obvious but potentially many many more. If of any use the machines are XP.
If the user name/password were used by the alleged perpetrator, there is no particular method to differentiate that activity from the valid user. Unless the activity was performed from a different PC that the one the actual user uses daily
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
>Unless the activity was performed from a different PC that the one the actual user uses daily
We beleive so.
We beleive so.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER