If none of the above procedures works, I would suggest do some Recycle Bin forensics for some clue on culprit... Please refer the below link on how to do it:
http://cdnetworks-us-1.dl.sourceforge.net/project/odessa/ODESSA/White%20Papers/Recycler_Bin_Record_Reconstruction.pdf Moreover, S-xx-xx-1003 folder shall represent SID (security identifier) of currently logged on user essentially a administrator. Forensics analysis of INFO2 file mentioned by you along with logs as requested by Sandeep can be helpful in studying this issue further... Hope we will get these log files along with INFO2 file if possible... Regards Amardeep T -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
