Trace Documents being moved from Pc to Flashdrive
I have a new client that just terminated an employee. Right after that event, they checked the employee's Pc and found company documents missing from his stand alone peer to peer Pc. They never took any backups.
I installed Recuva and ran a full system scan for deleted files. The only files found were from a few months ago and there were only a few files per day deleted at that time. Nothing that would point to a mass deletion which is what I was looking for.
https://www.piriform.com/recuva
I suspect he moved all documents to a USB flash drive and took it with him.
Is there any way to track this down in Windows Logs?
I installed Recuva and ran a full system scan for deleted files. The only files found were from a few months ago and there were only a few files per day deleted at that time. Nothing that would point to a mass deletion which is what I was looking for.
https://www.piriform.com/recuva
I suspect he moved all documents to a USB flash drive and took it with him.
Is there any way to track this down in Windows Logs?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I agree with the comments. I'll try those tools Saturday morning when I'm there.
ASKER
Thanks for confirming my expectations on this one.
ASKER