Friday, October 22, 2010

Audit File Parameters

You work in a law firm and receive an order to monitor a computer named WORK1. The computer contains shared folders with billing information for all of the company's clients. Today all of the files in the folder were deleted. The manager thinks an employee deleted the files in response to a termination. You need to examine the audit log before the employee leaves the company. Which filter parameters should you use when examining the audit log to determine whether the employee deleted the files?

Answer:  Event id, User, From