Image by absoblogginlutely via Flickr
You work in a law firm and receive an order to monitor a computer named WORK1. The computer contains shared folders with billing information for all of the company clients. Today all of the files in the folder were deleted. The manager thinks an employee deleted the files in response to a termination. You need to examine the audit log before the employee leaves the company. What filter parameters should you use to examine the audit log to determine if the employee deleted the files?