I have a problem and I was hoping for an answer from all the smart gentlemen around here. I work in a company that contracted with some external IT auditors as "ethical hackers", where they are supposed to scan through our computers for any suspicious files, how we use it, whether we connect to 3G networks during work hours and then browse Facebook and the like, and whether we have installed some other non-standard software. So, my issue is: is there a way to know whether I've been scanned already or not? I came across one post that mentioned a command (sorry, I missed writing it down) that opened something called "shared folders". But how I see it is that this shows who is connected "now", but it doesn't show whether someone was already connected before or not, and what they have done on my computer. Is there a way to know, please? I am using Windows 8.1 and am part of the domain, needless to say, and I am an admin user on my computer. Thanks.

1 Answer

You need to enable auditing. https://technet.microsoft.com/en-us/library/cc771070.aspx

Once you have auditing enabled, you can see who has browsed, opened/read, written folders and files.

EDIT: Oh, wait, you're on Windows 8. You can't do that on Windows 8. You'll need to download an auditing app and install it on your system if you want audit capabilities on your workstation.

CIA
  • Seriously? win8 can't do audit?! Anyway, he can use Sysinternals' Sysmon instead. – EliadTech Jul 12 '15 at 08:42
  • Thanks gents. @CIA, if Windows 8 does not allow that, any recommended auditing apps? I have no clue what their names might be and I would appreciate your help. – Youssuf Ali Jul 12 '15 at 17:05
  • Also, will enabling auditing make only "new" access logged and visible? Or will running an auditing app now let me see historical access as well? Thanks. – Youssuf Ali Jul 12 '15 at 17:13
  • Auditing apps will only let you gather auditing data for after the auditing apps are installed and configured. You can't get historical data, because historical data doesn't exist before the auditing software is installed. I can't tell you why Win8 doesn't come with auditing capabilities by default; I didn't design Win8. – CIA Jul 12 '15 at 20:18
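
An added example, not written by anyone in this thread: one way to turn on the built-in audit subcategories with `auditpol` and then list inbound network logons (event 4624, logon type 3) and share accesses (event 5140) from the Security log. It assumes an elevated PowerShell session, an English-language system (the subcategory names are localized), and that domain Group Policy does not override the local audit policy; only activity that happens after auditing is enabled will appear.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Assumption: local audit policy is not overridden by domain Group Policy.

# 1. Record network logons and file-share access from now on.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"File Share" /success:enable /failure:enable

# 2. Later: summarize who reached this machine over the network.
$since = (Get-Date).AddDays(-7)   # constructed window; adjust as needed

# Turn an event's <EventData> name/value pairs into a hashtable.
function ConvertTo-FieldMap {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Record)
    $map = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $map[$d.Name] = $d.'#text'
    }
    $map
}

$filter = @{ LogName = 'Security'; Id = 4624, 5140; StartTime = $since }

$rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = ConvertTo-FieldMap $_
        # 4624 covers every logon; keep only type 3 (network, e.g. SMB).
        if ($_.Id -eq 4624 -and $f['LogonType'] -ne '3') { return }
        # 4624 names the account in Target*, 5140 in Subject*.
        $prefix = if ($_.Id -eq 4624) { 'Target' } else { 'Subject' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Account = '{0}\{1}' -f $f["${prefix}DomainName"], $f["${prefix}UserName"]
            Source  = $f['IpAddress']
            Share   = $f['ShareName']   # empty for 4624 events
        }
    }

$rows | Sort-Object Time | Format-Table -AutoSize
```

`auditpol /get /category:*` shows the effective settings, which is a quick way to confirm the two subcategories are actually enabled before relying on the output.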