Hi,
I have a Windows 2008 R2 file server and I have turned on object auditing for my shared files to know what is being done with the files.
Today I need to find some logs, but I cannot find the filtering capabilities to do so.
We have a breach in security, i.e. an IT user has logged on to the file server via Remote Desktop with the domain administrator credentials and has accessed some highly sensitive and confidential data in the HR folder, which is currently restricted to HR and the administrator (in case of trouble).
I do have all my logs, but I need to find all activities related to this folder by the administrator. I can't filter the logs by the folder.
Is there any way I can do this? Any software or script which can help me catch this guy?
Also, I will need to get all object log details of what the administrator has modified or viewed.
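
One way to do the filtering asked about above, as an added example that is not part of the original post: it reads event 4663 ("An attempt was made to access an object") from the Security log for one account and keeps only objects under one folder. The folder path, account name and output file are placeholders to be replaced with the real values.

```powershell
# Added example (not from the original post). Run elevated on the file server.
param(
    [string]$Folder = 'D:\Shares\HR',         # placeholder: local path of the audited folder
    [string]$User   = 'Administrator',        # placeholder: name recorded in SubjectUserName
    [string]$OutCsv = '.\folder-access.csv'   # placeholder: report file
)

# File-system access bits that can appear in the AccessMask field of event 4663
$rights = @{
    0x1     = 'ReadData/ListDirectory'
    0x2     = 'WriteData/AddFile'
    0x4     = 'AppendData/AddSubdirectory'
    0x40    = 'DeleteChild'
    0x100   = 'WriteAttributes'
    0x10000 = 'DELETE'
    0x40000 = 'WRITE_DAC'
    0x80000 = 'WRITE_OWNER'
}

# Let the event log service pre-filter on event ID and account name.
$xpath  = "*[System[(EventID=4663)]] and *[EventData[Data[@Name='SubjectUserName']='$User']]"
$events = @(Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue)

# Trailing backslash so that D:\Shares\HR does not also match D:\Shares\HR2
$prefix = $Folder.TrimEnd('\') + '\'

$report = foreach ($evt in $events) {
    # Turn the <Data Name="..."> elements into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Event log XPath has no starts-with(), so the folder prefix is matched here.
    $object = $data['ObjectName']
    if (-not $object) { continue }
    if (-not ($object + '\').StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { continue }

    $mask   = [Convert]::ToInt32($data['AccessMask'], 16)
    $access = @($rights.Keys | Sort-Object | Where-Object { $mask -band $_ } |
                ForEach-Object { $rights[$_] }) -join ', '

    New-Object PSObject -Property @{
        Time    = $evt.TimeCreated
        User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        LogonId = $data['SubjectLogonId']   # ties each access to one logon session
        Process = $data['ProcessName']; Object = $object; Access = $access
    }
}

$report | Sort-Object Time | Select-Object Time, User, LogonId, Process, Object, Access |
    Export-Csv -Path $OutCsv -NoTypeInformation
```

The `LogonId` column can be matched against the `TargetLogonId` of event 4624 (logon type 10 for Remote Desktop) to see which workstation and source address each session came from.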