Jump to content
Compatible Support Forums
Sign in to follow this  
waddy

User stealing data

Recommended Posts

Need some advice.

 

There is a suspicion that one of the network users is stealing data.

 

There is a CD burner in the office + they are allowed web based email also.

 

I thought to install some spy software like:

 

http://www.acespy.com/details.html

 

We need to see if he/she is mailing the data out or even using the CD burner.

 

Windows 2000 server, Exchange 2000 and win 2K Pro workstations

 

I do know that we need to block webmail and the CD burner, but we dont want to until we get the required evidence.

 

We need to find out what they are up to, anyone got some good tips, experience or advice on this one?

Share this post


Link to post

If you know roughly the time frame this person is doing this, you could do a simple advanced search for files or programs that have been accessed around that time.

 

I'm sure there are programs out there that will track and log this type of thing for you, I just don't know any. We had the same thing happen here where I work...but I knew the time he/she was doing this..that made it easy to trace using file searching.

 

Good luck to you...hopefully someone will answer your question a little better.

Share this post


Link to post

Take the cd burner out of the machine? and put it in only a machine an admin can access?

 

do u not control their email accounts, or is it likea hotmail account type of tthing.

 

u can password protect all shared netwrok directories...

Share this post


Link to post

First off check with local law enforcement to make sure that nothing you do is illegal. spyware might be yet other forms of surveillance might not be.

What we would do in a situation like that is install a packet sniffer and redirect all network traffic from that machine through the sniffer. You can reconstruct everything they are doing.

also when the person is away (evenings) I would go in and make a forensic image (sector by sector) of the suspect machine at which point you can mount the image with a forensic software (Encase being an example but I doubt you'll have that kicking around as it is about 4 grand)

you can then go through the image (forensic software will also give you everything that has been deleted).

One advantage to having the image is that if the person suspects something is up and does a wipe of their machine you still have an original image before it was wiped so you still have evidence.

now when taking the image make sure you use a Hard Disk Lock so that no data can be written to the host drive. and I cannot stress this enough, DOCUMENT everything you are doing so that it can stand up in court if need be.

S

Share this post


Link to post

I would enable auditing on the domain and the workstations involved. Set this in the group policy snap in, then right-click on the files you suspect of being accessed and set them up for auditing in the security tab.

Share this post


Link to post

I really wouldn't install monitoring software without telling people that it's being done.

 

I know it kind of defeats the object, but as mentioned, there are all kinds of legal implications if you just put this stuff in place without taking the neccessary steps.

 

Your HR dept should know what's what as far as that goes, so check the lie of the land with them.

 

You might find that it is perfectly sufficent to send an email announcing the intention to install monitoring software on certain PCs, and that anyone found breaking the law or browsing unsiutable websites will find themselves in deep do-do.

 

I presume your company has an acceptable-use policy on what they can and cannot do with the computers?

Share this post


Link to post

I work for the company that produces SofTrack and it has the ability to audit all file open and create attempts for the workstations. SofTrack is used for Metering/Auditing/Inventory software on the network. It also has some control features that you might like.

 

Paul Richardson

Integrity Software

www.softwaremetering.com

Share this post


Link to post

Originally posted by prichardson:

Quote:
I work for the company that produces SofTrack and it has the ability to audit all file open and create attempts for the workstations. SofTrack is used for Metering/Auditing/Inventory software on the network. It also has some control features that you might like.

 

Paul Richardson

Integrity Software

www.softwaremetering.com

 

Normally I am not crazy about people selling their stuff in the forums (with the exception of the trade/selling area, of course) but in this case I believe it's OK. This is an application that is a possible solution for the issue at hand.

 

If this becomes an issue in future (abused, complaints, etc) then further action will be taken at that time.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×