PaulDotCom mailing list archives
Recover deleted Windows "Audit Logs"
From: a.qarta at gmail.com (Aa'ed Alqarta)
Date: Thu, 5 Nov 2009 08:46:45 +0300
No, the administrator had done something using this server as a "hop" to access another critical workstation. After he finished whatever he was planning for, he erased event logs and we only found one audit log saying "*audit log has been* manually cleared by ....". They were Windows event logs, and I'll double check about the file system type. thanks On Tue, Nov 3, 2009 at 5:03 PM, Joel Folkerts <joel.folkerts at gmail.com>wrote:
Were the files themselves deleted or the entries within the logs? What kind of logs are you referring to, i.e. Windows event logs, logs stored within a database, text logs. What type of file system are the logs stored on? -Joel "The path to hell is paved with good intentions." On Tue, Nov 3, 2009 at 3:49 AM, Aa'ed Alqarta <a.qarta at gmail.com> wrote:Hello Everyone, I'd like to know is it possible to recover deleted "Audit Logs" after being erased by some administrator? _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- Best Regards, ---------------------------------------------------------- http://extremesecurity.blogspot.com http://www.linkedin.com/in/aalqarta http://www.experts-exchange.com/M_3011930.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091105/92669123/attachment.htm
Current thread:
- Recover deleted Windows "Audit Logs" Aa'ed Alqarta (Nov 03)
- Recover deleted Windows "Audit Logs" Tim Krabec (Nov 03)
- Recover deleted Windows "Audit Logs" Joel Folkerts (Nov 03)
- Recover deleted Windows "Audit Logs" Aa'ed Alqarta (Nov 04)
- Recover deleted Windows "Audit Logs" Joel Folkerts (Nov 05)
- Recover deleted Windows "Audit Logs" Aa'ed Alqarta (Nov 04)
- Recover deleted Windows "Audit Logs" gameman733 (Nov 03)