Home page logo
/

basics logo Security Basics mailing list archives

Re: Forensic Tool
From: p1g <killfactory () gmail com>
Date: Mon, 9 Jun 2008 23:46:43 -0400

Look on the other media?

Very limited info to go by.

Hard to prove file copies unless a script was used and it is still present.

You could determine if 'other media' was connected to the pc( assuming
win32/64). Look in registry.

If I was a betting man, judgin from your question and your 'fishy'
email addy, I put my money and you did it and you want to know if they
are going to catch you.

Just a bit of advice.

THEY know.

On Mon, Jun 9, 2008 at 12:56 PM,  <newnewguy () aol com> wrote:
Hi,


I of the person in my company has downloaded very imp files (Application & Data)from HR portal.


He has deleted the files from his machine. We need to ensure that files were not copied to any other media before 
deletion.


Request you to please help on How this can be achieved.


Thanks!


New Guy




-- 
-p1g
SnortCP, ESSE-D, C|HFI, TNCP, TECP, NACP, A+, whatever..
 ,,__
o" )~ oink oink
 ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]