-
April 19th, 2011, 09:57 AM
#1
Registered User
Checking info on bad employee
So I've been put on a test at work. I am forced to share a desk with a slob, liar, and slacker. He's so far installed a bunch of programs and claimed I did it to try and get me reprimanded or fired. I need to know how I can prove who installed it, when and also after the fact that they've been uninstalled. Mind you not a wiped hard drive. The biggest problem is McAfee as it's a huge no no here to install antivirus that isn't authorized. I need to figure this out before monday.
I also need to find a way to track his internet traffic as well. He wipes his history but I recall a way to track through the registry. Any ideas?
Last edited by Niclo Iste; April 19th, 2011 at 10:00 AM.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
April 19th, 2011, 11:00 AM
#2
Registered User
Punch him inna face. Then check both the system log and application logs. Then, verbally abuse him, making light of both his dubious ancestry and his offensive odors. I got your back.
" I don't like the idea of getting shot in the hand" -Blackie in "Rustlers Rhapsody"
" It is a proud and lonely thing, to be a Stainless Steel Rat." - Slippery Jim DiGriz
-
April 19th, 2011, 12:07 PM
#3
Registered User
I already tried looking at the event viewer, only me removing it showed and nothing about it being installed showed at all.
Believe me I will break his nose if I end up on the elevator with only him.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
April 19th, 2011, 03:02 PM
#4
Registered User
Install a software keylogger.
Sergeant WOTPP
-
April 19th, 2011, 03:50 PM
#5
Registered User
Unless he is an expert there will be traces left (temp files, installation files etc). Look at file attributes and see who the creator is. Hopefully you don't share the login...
Side note: many programs leave traces in %appdata%\local\temp
Last edited by CeeBee; April 19th, 2011 at 03:53 PM.
Protected by Glock. Don't mess with me!
-
April 19th, 2011, 03:56 PM
#6
Registered User
He may be using a scrubber program at the most. From what I have been told he's about as good at IT as a blindfolded monkey having a seizure.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
April 19th, 2011, 07:22 PM
#7
Registered User
http://www.nirsoft.net/computer_forensic_software.html
The IECacheview program is nice. I always run these things on the drive external not on the sytem live.
You may also consider that he is using a USB drive to do this in which case I typically just disable in gpedit.
-
May 11th, 2011, 10:56 AM
#8
Registered User
I'll still come over and punch him inna face. I'll wear a derby so you will know it's me.
" I don't like the idea of getting shot in the hand" -Blackie in "Rustlers Rhapsody"
" It is a proud and lonely thing, to be a Stainless Steel Rat." - Slippery Jim DiGriz
Similar Threads
-
By elo.trans.ts in forum Windows NT/2000
Replies: 1
Last Post: October 18th, 2004, 07:30 AM
-
By ngc4414 in forum Tech-To-Tech
Replies: 12
Last Post: July 29th, 2004, 07:17 PM
-
By notorious_carl in forum Tech Lounge & Tales
Replies: 11
Last Post: July 15th, 2004, 03:34 PM
-
By qei in forum Tech-To-Tech
Replies: 6
Last Post: September 10th, 2001, 09:39 AM
-
By DANIMAL in forum Hard Drive/IDE/SCSI Drivers
Replies: 12
Last Post: July 1st, 2001, 04:38 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks