crawdaddy (344241) writes "A friend suspects some of his employees (that access the network using remote desktop connections over a VPN) may be up to no good, due to certain suspicious activities. The business has an Active Directory domain setup on a Windows Server box, as well as several desktops. What are some things I can look for that might indicate whether or not further investigation (ie. professional forensic analysis) is warranted? What tools are recommended for accomplishing those tasks without compromising the courtroom validity of the data? Would it be better/safer, in terms of preserving the data, to install stealth monitoring software to track the users' movements and simply analyze that, instead?"
Submission Summary: 0 pending, 11 declined, 0 accepted (11 total, 0.00% accepted)
crawdaddy (344241) writes "On January 20, I'll be attending Barack Obama's inaugural ceremony with a group of family and friends. I thought it'd be interesting if we did something that would allow us and others to easily spot the group in aerial photos of the crowd. The main problem with the ideas I've had, so far, is that they either seem too small-scale or fall under the purview of the list of banned items. The list includes you standard list of weapons and booze, along with sticks or poles, hand tools, such as "Leatherman", packages, backpacks, large bags, suitcases, thermoses, coolers, strollers, umbrellas, laser pointers, signs, and posters. Any slashdotters out there have a good idea? Perhaps a clever modification of a hat? Also, keep in mind that the final bullet point on the list of banned items is "other items that may pose a threat to the security of the event as determined by and at the discretion of the security screeners," so the more innocuous and easily explained to a tired security examiner, the better. Bonus points if the suggested idea might increase our chances of being the focus of a photo."