
| Subject: | Re: Tracking moved files? |
|---|---|
| Date: | Fri, 12 May 2006 11:52:22 -0400 |

"Bill Wittmer" <wr.wittmer1@verizon.net> wrote in message news:...

If you think this is an ongoing problem and a security issue, you could monitor the data flow in the future to the USB device with USBSnoop http://sourceforge.net/projects/usbsnoop. This software logs the data flow between the hard drive and the USB device driver. Or try the wdmsniffer tool from ftp://ftp.compuware.com/pub/driverstudio/outgoing/utility/wdmsniffer.zip.

Regards,
Bill

"Serge Jorgensen" <filbanks@gmail.com> wrote in message news:dbddb7bf0605040916q92d63dcgc65adbe48e99db7e@mail.gmail.com...

Hello!

I'm trying to show that files were copied and/or moved off a W2K drive onto a USB stick. Obviously the registry and setupapi files show the USB installation info - but I can't find the log file (or other method?) that Windows must use to track files being moved and copied. I don't have the USB device - which would make this a whole lot easier.

Any ideas would be great. Thanks.

George