file accessed in a ...
 
Notifications
Clear all

file accessed in a server

2 Posts
1 Users
0 Likes
518 Views
(@pinin113)
Posts: 47
Eminent Member
Topic starter
 

I still have not too many informations, the customers asks me to find who and when, in a group of 7 users allowed to log in into, downlooaded a db on his own lapptop(not a business laptop, but his own).
so i suppose i have to do a live acquisition of the disk.
i don't know if i have to do it in full or only in the area in qhich the db is.
and what tools can i use, i used long ago kali

 
Posted : 18/01/2019 11:02 am
(@pinin113)
Posts: 47
Eminent Member
Topic starter
 

please help…the customer told me that the server is 80 tb, so i will never aquire it.
The job consists in discoverying when one of the 7/8 users of the server downloaded the db of the company, with sensitive informations.
can I take the forensic image of the log file only? where it should be? I read on forensicfocus that I can use Paladin forensic, and I'm downloading it

 
Posted : 22/01/2019 3:04 pm
Share: