On Wednesday 13 March 2002 19:22, Alan Cooper wrote: > me what they are doing if access is granted, their IP > address, time of day, etc? Is there a better way > approach this problem?
It might be better solution to (if you can, of course) do some packet sniffing on the machine - this way you can be practically undetectable (if you work with network administrators), and at the same time you'll get not just a log file of something being accessed or transferred, but the data that were being accessed, too. This way you can recreate intruders activities and see what (s)he's been trying to do, without giving notice to the intruder. If someone is really stealing the data, you can use this approach to have some material evidence - and that's very important if you want to have someone fired or maybe even jailed. -- Radoslav Dejanovic Senior Associate to Mayor's Office City of Zagreb, Croatia
