How about checking the antivirus log? If it is done right the real time
check will tell you it scanned the thumbdrive and all the files there...
Plus many also check when copying/moving
------------------------------------
Ricardo Luis Landrau Millan
OGP Coordinador de Tecnologias de Informacion (IT Coordinator)
rlandrau (at) tig.ogp.gobierno (dot) pr [email concealed]
Calle Prolongacion La Paz
Miramar
tel: 787-977-9200 X4287
------------------------------------
-----Original Message-----
From: MikeMackrill (at) BC (dot) com [email concealed] [mailto:MikeMackrill (at) BC (dot) com [email concealed]]
Sent: Sunday, May 07, 2006 1:51 PM
To: filbanks (at) gmail (dot) com [email concealed]; forensics (at) securityfocus (dot) com [email concealed]
Subject: Re: Tracking moved files?
Did you check the recent items to look for a reference to the file on
the thumb drive?
All I could think of on a Sunday morning.
Mike Mackrill
-----Original Message-----
From: Serge Jorgensen <filbanks (at) gmail (dot) com [email concealed]>
To: forensics (at) securityfocus (dot) com [email concealed] <forensics (at) securityfocus (dot) com [email concealed]>
Sent: Thu May 04 10:16:08 2006
Subject: Tracking moved files?
Hello!
I'm try to show that files were copied and/or moved off a W2K drive
onto a USB stick. Obviously the registry and setupapi files show the
USB installation info - but I can't find the log file (or other
method?) that Windows must use to track files being moved and copied.
I don't have the USB device - which would make this a whole lot easier.
check will tell you it scanned the thumbdrive and all the files there...
Plus many also check when copying/moving
------------------------------------
Ricardo Luis Landrau Millan
OGP Coordinador de Tecnologias de Informacion (IT Coordinator)
rlandrau (at) tig.ogp.gobierno (dot) pr [email concealed]
Calle Prolongacion La Paz
Miramar
tel: 787-977-9200 X4287
------------------------------------
-----Original Message-----
From: MikeMackrill (at) BC (dot) com [email concealed] [mailto:MikeMackrill (at) BC (dot) com [email concealed]]
Sent: Sunday, May 07, 2006 1:51 PM
To: filbanks (at) gmail (dot) com [email concealed]; forensics (at) securityfocus (dot) com [email concealed]
Subject: Re: Tracking moved files?
Did you check the recent items to look for a reference to the file on
the thumb drive?
All I could think of on a Sunday morning.
Mike Mackrill
-----Original Message-----
From: Serge Jorgensen <filbanks (at) gmail (dot) com [email concealed]>
To: forensics (at) securityfocus (dot) com [email concealed] <forensics (at) securityfocus (dot) com [email concealed]>
Sent: Thu May 04 10:16:08 2006
Subject: Tracking moved files?
Hello!
I'm try to show that files were copied and/or moved off a W2K drive
onto a USB stick. Obviously the registry and setupapi files show the
USB installation info - but I can't find the log file (or other
method?) that Windows must use to track files being moved and copied.
I don't have the USB device - which would make this a whole lot easier.
Any ideas would be great.
Thanks.
George
[ reply ]