Problem solve Get help with specific problems with your technologies, process and projects.

Using event logging to reveal network activity

Windows security threats expert Kevin Beaver helps a user detect a rogue computer on his network.

Two computers' files were deleted remotely by another computer. How can we track down the source computer that logged into these two computer and deleted the files?
I'm not sure which version(s) of Windows you're running, but if you have security and system event logging enabled to track logins, network connections, etc. that may be your only source to track things down. See this Microsoft article for details on event logging. Also, consider any VPN, firewall, and router logs that may have recorded such events. Good luck in finding the perpetrator!

View questions and answers from all of our Windows security experts here.

This was last published in May 2006

Dig Deeper on Network intrusion detection and prevention and malware removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.