User stealing data
Need some advice. There is a suspicion that one of the network users is stealing data. There is a CD burner in the office + they are allowed web based email also. I thought to install some spy software like: We need to see if he/she is mailing the data out or even using the CD burner.
Need some advice.
There is a suspicion that one of the network users is stealing data.
There is a CD burner in the office + they are allowed web based email also.
I thought to install some spy software like:
http://www.acespy.com/details.html
We need to see if he/she is mailing the data out or even using the CD burner.
Windows 2000 server, Exchange 2000 and win 2K Pro workstations
I do know that we need to block webmail and the CD burner, but we dont want to until we get the required evidence.
We need to find out what they are up to, anyone got some good tips, experience or advice on this one?
There is a suspicion that one of the network users is stealing data.
There is a CD burner in the office + they are allowed web based email also.
I thought to install some spy software like:
http://www.acespy.com/details.html
We need to see if he/she is mailing the data out or even using the CD burner.
Windows 2000 server, Exchange 2000 and win 2K Pro workstations
I do know that we need to block webmail and the CD burner, but we dont want to until we get the required evidence.
We need to find out what they are up to, anyone got some good tips, experience or advice on this one?
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
If you know roughly the time frame this person is doing this, you could do a simple advanced search for files or programs that have been accessed around that time.
I'm sure there are programs out there that will track and log this type of thing for you, I just don't know any. We had the same thing happen here where I work...but I knew the time he/she was doing this..that made it easy to trace using file searching.
Good luck to you...hopefully someone will answer your question a little better.
I'm sure there are programs out there that will track and log this type of thing for you, I just don't know any. We had the same thing happen here where I work...but I knew the time he/she was doing this..that made it easy to trace using file searching.
Good luck to you...hopefully someone will answer your question a little better.
Take the cd burner out of the machine? and put it in only a machine an admin can access?
do u not control their email accounts, or is it likea hotmail account type of tthing.
u can password protect all shared netwrok directories...
do u not control their email accounts, or is it likea hotmail account type of tthing.
u can password protect all shared netwrok directories...
First off check with local law enforcement to make sure that nothing you do is illegal. spyware might be yet other forms of surveillance might not be.
What we would do in a situation like that is install a packet sniffer and redirect all network traffic from that machine through the sniffer. You can reconstruct everything they are doing.
also when the person is away (evenings) I would go in and make a forensic image (sector by sector) of the suspect machine at which point you can mount the image with a forensic software (Encase being an example but I doubt you'll have that kicking around as it is about 4 grand)
you can then go through the image (forensic software will also give you everything that has been deleted).
One advantage to having the image is that if the person suspects something is up and does a wipe of their machine you still have an original image before it was wiped so you still have evidence.
now when taking the image make sure you use a Hard Disk Lock so that no data can be written to the host drive. and I cannot stress this enough, DOCUMENT everything you are doing so that it can stand up in court if need be.
S
What we would do in a situation like that is install a packet sniffer and redirect all network traffic from that machine through the sniffer. You can reconstruct everything they are doing.
also when the person is away (evenings) I would go in and make a forensic image (sector by sector) of the suspect machine at which point you can mount the image with a forensic software (Encase being an example but I doubt you'll have that kicking around as it is about 4 grand)
you can then go through the image (forensic software will also give you everything that has been deleted).
One advantage to having the image is that if the person suspects something is up and does a wipe of their machine you still have an original image before it was wiped so you still have evidence.
now when taking the image make sure you use a Hard Disk Lock so that no data can be written to the host drive. and I cannot stress this enough, DOCUMENT everything you are doing so that it can stand up in court if need be.
S
I really wouldn't install monitoring software without telling people that it's being done.
I know it kind of defeats the object, but as mentioned, there are all kinds of legal implications if you just put this stuff in place without taking the neccessary steps.
Your HR dept should know what's what as far as that goes, so check the lie of the land with them.
You might find that it is perfectly sufficent to send an email announcing the intention to install monitoring software on certain PCs, and that anyone found breaking the law or browsing unsiutable websites will find themselves in deep do-do.
I presume your company has an acceptable-use policy on what they can and cannot do with the computers?
I know it kind of defeats the object, but as mentioned, there are all kinds of legal implications if you just put this stuff in place without taking the neccessary steps.
Your HR dept should know what's what as far as that goes, so check the lie of the land with them.
You might find that it is perfectly sufficent to send an email announcing the intention to install monitoring software on certain PCs, and that anyone found breaking the law or browsing unsiutable websites will find themselves in deep do-do.
I presume your company has an acceptable-use policy on what they can and cannot do with the computers?
I work for the company that produces SofTrack and it has the ability to audit all file open and create attempts for the workstations. SofTrack is used for Metering/Auditing/Inventory software on the network. It also has some control features that you might like.
Paul Richardson
Integrity Software
www.softwaremetering.com
Paul Richardson
Integrity Software
www.softwaremetering.com
Originally posted by prichardson:
Quote:I work for the company that produces SofTrack and it has the ability to audit all file open and create attempts for the workstations. SofTrack is used for Metering/Auditing/Inventory software on the network. It also has some control features that you might like.
Paul Richardson
Integrity Software
www.softwaremetering.com
Normally I am not crazy about people selling their stuff in the forums (with the exception of the trade/selling area, of course) but in this case I believe it's OK. This is an application that is a possible solution for the issue at hand.
If this becomes an issue in future (abused, complaints, etc) then further action will be taken at that time.
Quote:I work for the company that produces SofTrack and it has the ability to audit all file open and create attempts for the workstations. SofTrack is used for Metering/Auditing/Inventory software on the network. It also has some control features that you might like.
Paul Richardson
Integrity Software
www.softwaremetering.com
Normally I am not crazy about people selling their stuff in the forums (with the exception of the trade/selling area, of course) but in this case I believe it's OK. This is an application that is a possible solution for the issue at hand.
If this becomes an issue in future (abused, complaints, etc) then further action will be taken at that time.