Can items copied off a Network be tracked

is it possible to track every item that is copied off the network or computer to an external device?
J.R. SitmanIT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Natively, no. You can set up server auditing but I cannot find that document that it will tell if files were copied to an external device
0
Jose Gabriel Ortega CastroCEOCommented:
it is possible if you create a log file for it when you're copying it.
Or probably with a third party software, but the regular is that is not trackable.
0
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Yes.

Use something like tshark, or similar tool. If there's not a decode plugin for your protocol + data you'll have to write one.

Then just run tshark on the device acting as network connection for your external device.

If you're using a NAS device, then be sure to run tshark on same LAN segment, to ensure you pickup all activity, rather than just partial activity.

Even simpler, just place data behind Apache + login for each user + capture Apache log data related to files of interest.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Dr. KlahnPrincipal Software EngineerCommented:
If Windows Explorer is used, maybe.  From a security standpoint, no.  Or at least it can be made very difficult.  Here's a counterexample.

Instead of using Windows Explorer to copy the file, write a program to do the copying.  Have it open 2,000 random files, read all of them, open equivalent files on the target device, but copy only the chosen one to the target device using direct I/O instead of the file system, and then send padding gibberish that will be rejected by the device but makes it look like the sent length is a different, longer file.

Now (a) Windows Explorer wasn't used, so you can't audit that, (b) the copying program read all the files so you don' t know which one it chose, (c) all those files were created on the target device to fill up your logs, (d) it has deliberately misled you about the length of the file it copied and (e) all you can say is that "the real file was shorter than this length."
0
McKnifeCommented:
Windows' auditing options offer to audit removable devices as a category, that is, setup auditing for future devices that are not even present at the moment. Have a look at https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-removable-storage
As client OS, you'd need windows 8.x or win10, win7 cannot do this.
0
Naveen SharmaCommented:
Implement Data Loss Prevention (DLP) technology which allow you to track your organization's sensitive data from where it is stored, where it is being sent and who is accessing it.

Below information may be helpful to you:

https://community.spiceworks.com/topic/937845-tracking-data-transfer-to-usb-device

Monitor the Use of Removable Storage Devices:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj574128(v=ws.11)

Tracking removable storage with the Windows Security Log:
https://www.ultimatewindowssecurity.com/blog/default.aspx?p=2a77fab3-d5ea-4c78-a187-864be1855f03

Enable auditing on Windows Server 2012:
https://www.lepide.com/how-to/enable-file-folder-access-auditing-windows-server-2012.html
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
J.R. SitmanIT DirectorAuthor Commented:
Thanks
0
Ashot OganesyanCommented:
You can use data leak prevention software like DeviceLock DLP. It can shadow copy all files not only copied to external storage (USB drives, etc.) but also sent to network (social networks, Skype, emails, etc.).
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.