if you suspect USB drives are being used then you can read the USBSTOR portion of the person's registry and see if drives have been plugged in recently. Can then check the person's Recent folders for documents they shouldnt have accessed. mrulists in the registry could be consulted as well
installing spyware for this purpose seems quite overkill On Sat, May 25, 2013 at 9:26 PM, Dan Baxter <[email protected]> wrote: > Okay, yesterday at work, I was asked if I could deploy some spyware to a PC > to determine what a particular user is doing. The requestor was one of our > corporate attorneys, no less. > > The concern is that this individual is possibly accessing sensitive > documents and getting them to a competitor. I'm not at this location, so I > don't know the person, or the exact circumstances or requirements, yet. I > have been told he's the "unofficial IT guy" for this location, so he may be > wary. > > At present, we don't block access to USB drives. We do block access to > cloud based storage (Dropbox, Copy, Skydrive, etc). > > Ironically, this is the same atty that helped shoot down a DLP project I was > working on earlier this year. I took gratification in pissing her off by > reminding her that this would be a perfect example of why we need one. > > Anyway, assuming I get signoff from HR and our Ethics department (still > questionable), are there any suggestions of what I could deploy? Also, I > realize some testing is going to need to be done to make sure it doesn't set > off alarms on his A/V. Any other pitfalls I need to be aware of? > > Thanks in advance. > > > Dan Baxter > ------------------------------------------------- > Quis custodiet ipsos custodes? > > "A sword never kills anybody; it is a tool in the killers hands."-Lucius > Annaeus Seneca, c.4BC-65AD > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
