Two computers' files were deleted remotely by another computer. How can we track down the source computer that logged into these two computer and deleted the files?
I'm not sure which version(s) of Windows you're running, but if you have security and system event logging enabled to track logins, network connections, etc. that may be your only source to track things down. See
this Microsoft article
for details on event logging. Also, consider any VPN, firewall, and router logs that may have recorded such events. Good luck in finding the perpetrator!
View questions and answers from all of our Windows security experts here.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.