Security

Submission: How can you safely confirm breach without details?

crawdaddy writes: A friend suspects some of his employees (who access the network using remote desktop connections over a VPN) may be up to no good, due to certain suspicious activities. The business has an Active Directory domain set up on a Windows Server box, as well as several desktops. What are some things I can look for that might indicate whether or not further investigation (i.e., professional forensic analysis) is warranted? What tools are recommended for accomplishing those tasks without compromising the courtroom validity of the data? Would it be better/safer, in terms of preserving the data, to install stealth monitoring software to track the users' movements and simply analyze that, instead?
