|
Author |
Message |
tatters |
|
tatters Exxon Valdez
Joined: 05 Jan 2004 Karma :
|
Posted: 19:24 - 14 Apr 2017 Post subject: Windows Event Log Information |
|
|
Hi,
I have been asked to look into some suspicious activity on a Windows 7 computer which was in a locked office. While the owner was away on holiday a colleague had the office door broken into and the locks changed. The locks to the building were all due to be changed after the person was back from holiday, but the colleague had the locksmith come in a week early without permission, and this person believes that this was done to access their computer. When they returned, Microsoft Office had two documents showing in the recently opened sidebar which had not been accessed by this person for over two years (screenshot taken), and these documents had information that the colleague is not allowed to have access to.
I had a look through the Windows event log and can see that when the Microsoft Office application is run a few events are created for the Office Software Protection Platform service. This also corresponds to when the person last used Office on the computer before going away.
Now while they were away the computer was idle with only a few background events occurring, until the Microsoft Office Software Protection Platform service events started occurring again, when we believe this person was accessing these documents.
Would this information on the events log be enough for them to use as proof of someone accessing their computer? Or is there anything else that can be looked into?
Thanks, |
|
|
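One way to test the correlation described in the post above, as an added example that is not part of the thread: a PowerShell script that places the Office licensing-service events next to the Security log's logon and unlock events for the absence window. The file paths, the dates, the provider-name pattern and the choice of Security event IDs are assumptions, not values from the post.

```powershell
# Added example: paths and dates are placeholders, not values from the thread.
# Run against exported copies of the logs on an analysis machine, not the original PC.
$AppLog = 'C:\case\Application.evtx'    # hypothetical export of the Application log
$SecLog = 'C:\case\Security.evtx'       # hypothetical export of the Security log
$From   = Get-Date '2017-01-01 00:00'   # placeholder: start of the owner's absence
$To     = Get-Date '2017-01-15 00:00'   # placeholder: the owner's return

# Record hashes of the exports so the copies can be shown to be unchanged later
# (Get-FileHash needs PowerShell 4.0 or later).
Get-FileHash -Algorithm SHA256 -Path $AppLog, $SecLog | Format-List Path, Hash

# Office licensing-service events inside the window, matched on the provider name
# shown in Event Viewer's Source column (assumed pattern; adjust to the log).
$office = Get-WinEvent -FilterHashtable @{
              Path = $AppLog; StartTime = $From; EndTime = $To
          } -ErrorAction SilentlyContinue |
          Where-Object { $_.ProviderName -like 'Office Software Protection Platform*' }

# Session events from the Security log: 4624 logon, 4634/4647 logoff,
# 4800/4801 workstation locked/unlocked (only present if that auditing was enabled).
$session = Get-WinEvent -FilterHashtable @{
               Path = $SecLog; Id = 4624, 4634, 4647, 4800, 4801
               StartTime = $From; EndTime = $To
           } -ErrorAction SilentlyContinue

function Get-EventField($Record, [string]$Name) {
    # Read a named EventData field (for example TargetUserName) from the event XML.
    $data = ([xml]$Record.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq $Name } | Select-Object -First 1).'#text'
}

# One chronological timeline: which account had a session open when Office started?
$timeline = @($office) + @($session) | Where-Object { $_ } |
    Sort-Object TimeCreated | ForEach-Object {
        New-Object PSObject -Property @{
            TimeCreated = $_.TimeCreated
            Log         = $_.LogName
            Id          = $_.Id
            User        = Get-EventField $_ 'TargetUserName'
            LogonType   = Get-EventField $_ 'LogonType'   # 2 = console, 7 = unlock, 10 = RDP
        }
    } | Select-Object TimeCreated, Log, Id, User, LogonType

$timeline | Format-Table -AutoSize
$timeline | Export-Csv 'C:\case\timeline.csv' -NoTypeInformation
```

The licensing events only show that Office was started; the session events around them, and the account they name, are what tie that activity to a logon or unlock.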
|
Rogerborg |
|
Rogerborg nimbA
Joined: 26 Oct 2010 Karma :
|
Posted: 08:25 - 15 Apr 2017 Post subject: Re: Windows Event Log Information |
|
|
tatters wrote: | Would this information on the events log be enough for them to use as proof of someone accessing their computer? |
For what purpose?
Criminal, beyond a reasonable doubt? I can't see it, and you wouldn't be investigating it anyway if it were criminal.
Civil, balance of probability? Employment tribunal? It would contribute towards it. You'd have to suck it and see. If things were open and shut, we wouldn't need courts to arbitrate.
Usual question before action: what loss occurred, or what remedy is being sought?
Mental situation sounds mental, I'd be careful about getting any crazy on you. |
|
|
|
M.C |
|
M.C Super Spammer
Joined: 29 Sep 2015 Karma :
|
Posted: 08:29 - 15 Apr 2017 Post subject: |
|
|
I have nothing to add except keep us updated |
|